Holiday  crush 


Retailers  share  their  network  strategies  for 


fending  off  online  fraud,  handling  heavy  traffic.  PAGE  10. 


Firing  up  fiber  The  Bells  look  to  boost  broadband 

revenue  with  fiber-to-the-premises  rollouts.  PAGE  27. 
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A  Wider  Net 


Enough 
about  Linus, 
what’s  the 
story  with 
the  penguin? 


Torvalds  wanted  a 
'beanbag'  for  a  logo, 
and  that's 
what  Larry 
Ewing  gave 
him. 


IPv6  fears  seen  unfounded 

Early  adopters  reporttransition  has  been  easier,  less  expensive  than  predicted. 


I A  Putting  IPv6  on  a  network  backbone  is 
relatively  simple.  Even  regional-type 
networks  are  relatively  easy.  9  9 

Rick  Summerhill 

Associate  director  of  backbone  network  infrastructure,  Internet2 


■  BY  CAROLYN  DUFFY  MARSAN 

ARLINGTON,  VA.  —  Early 
adopters  of  IPv6  say  deployment 
of  this  upgrade  to  the  Internets 
main  communications  protocol  is 
significantly  easier  than  expected 
and  costs  less  than  anticipated. 

These  findings  run  counter  to 
longstanding  conventional  wis¬ 
dom  from  the  Internet  engineer¬ 
ing  community,  which  for  years 
has  warned  ISPs  and  corporate 
network  managers  about  the 
need  to  prepare  for  a  time-con¬ 
suming  and  expensive  upgrade 


to  IPv6. 

The  U.S.  Department  of  Defense 
and  several  universities  reported 
positive  feedback  about  their 
IPv6  deployments  at  the  U.S.  IPv6 
Summit  2003,  held  last  week  in 
Arlington, Va. 

The  Internet  Engineering  Task 
Force  (IETF)  has  worked  on  IPv6 
since  1992. While  the  transition  to 
IPv6  has  taken  longer  than  advo¬ 
cates  expected, that  pace  appears 
to  have  generated  an  unintended 
benefit:  Now  that  users  want  to 
deploy  IPv6,  it’s  already  bundled 
in  the  hardware  and  software  they 


need  to  buy  in  the  course  of  nor¬ 
mal  infrastructure  upgrades. 

“IPv6  is  less  complex  than  we 
thought,  and  it  doesn’t  take  as 
many  resources  as  we  thought,” 
says  Jim  Bound,  chairman  of  the 


North  American  IPv6  Task  Force 
and  an  HP  fellow.  Bound  has 
been  involved  in  IPv6  develop¬ 
ment  and  transition  issues  for 
nearly  a  decade. 

See  IPv6,  page  16 


VoIP,  storage  top 
Cisco  hit  parade 


■  BY  JENNIFER  MEARS 

>  he  Linux  albatross  just 
wouldn’t  sell.  And  the 
1  Linux  platypus,  well, 
who’d  buy  anything  from 
him?  Ah,  but  the  Linux  pen¬ 
guin, there’s  a  bird  that  could 
really  drive  an  industry. 

“The  little  guy  hasn’t  been 
very  active  in  coding  the 
actual  kernel,  but  he  sure  as 
hell  has  made  for  a  very  rec¬ 
ognizable  mascot,”  says 
Linux  creator  Linus  Torvalds. 
“There  are  people  out  there 
who  have  no  interest  in 
computers  and  wouldn’t 
know  what  Linux  is,  but  they 
See  Penguin,  page  14 

DAN  VASCONCELLOS 


■  BY  PHIL  HOCHMUTH 

SANTA  CLARA  —  Cisco  CEO 
John  Chambers  last  week  out¬ 
lined  his  company’s  goals,  chief 
among  them  to  exploit  voice  over 
IP  and  highlighted  its  biggest 
challenges,  notably  gaining  suc¬ 
cess  in  the  storage  market. 

Other  important  directions 
stated  by  Chambers  and  other 
executives  at  Cisco’s  annual  ana¬ 
lysts  meeting  included  moving 


key  products  off  their  current 
Windows-based  platforms  and 
onto  Linux,  and  building  better 
multifunction,  integrated  ASICs  to 
boost  system  reliability 
Conference  attendees  also 
were  given  peeks  at  new  prod¬ 
ucts.  One  was  an  application  for 
better  managing  multiservice 
blades  in  a  Catalyst  6500  chassis. 
Another  offering  promises  to 
make  video  calling  as  easy  as 
dialing  a  Cisco  IP  phone. 

The  CEO  discussed  the  compa¬ 
ny’s  six  advanced  technology 
See  Cisco,  page  12 
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Testers 


Dumb  defaults^?- 

Cisco  declines  to  address  security  issue, 
while  other  vendors  step  up  to  the  plate. 


■  BY  CHRISTINE  BURNS 

Network  World's  inaugural 
Tester’s  Challenge,  which  aired  on 
Nov.  17,  called  on  vendors  to  ad¬ 
dress  why  their  products  support 
unsecure  access  and  manage¬ 
ment  protocols  —  such  as  earlier 
versions  of  Secure  Shell,  SNMP 
and  HTTP  —  out  of  the  box. 

As  we  pointed  out,  with  proto¬ 
cols  such  as  SSH 1  enabled  by  de¬ 
fault,  it  is  easy  for  an  attacker  to  in¬ 
tercept  a  password  and  then 
I  change  the  device’s  configura¬ 


tion  or  even  shut  it  down. 

While  the  problem  is  wide¬ 
spread,  we  called  on  Cisco  as  the 
800-pound  gorilla  to  set  an  exam¬ 
ple  by  changing  this  practice,  and 
we  offered  the  company  this 
space  to  explain  its  position  in  its 
own  words.  Cisco  declined. 

In  an  interview,  the  company 
said  it  has  shipped  products  with 
SSP12  since  the  summer.  But  SSH  1 
is  still  the  default  setting.  (Since 
2001 ,  CERT  has  advised  against 
using  SSH  1.) 

See  Challenge,  page  8 


blue  Security  event  of  the  season: 

RIBBON  /^ppSight  wins  our  test  of  five  security  event  management  tools 
based  on  its  flexibility  and  interface.  Page  47. 
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>:  computing  periodically  for  the  latest  information  on  safe  and  effective  computing.  Warranty  Information:  For  a  copy  of  applicable  product  warranties,  write  to:  Warranty  Information,  P.0  Box  12195,  RTP,  NC  27709,  Attn. 
-  ji  es  no  representation  or  warranty  regarding  third-party  products  or  services.  'Prices  do  not  include  tax  or  shipping  and  are  subject  to  change  without  notice.  Reseller  prices  may  vary.  Requires  download  of  client  software 
•censors  feature  Intel  SpeedStep®  technology.  With  Intel  SpeedStep,  processor  speed  may  be  reduced  to  conserve  battery  power.  311a,  11b  and  1 1  g  wireless  is  based  on  IEEE  802.11a,  802.11b  and  802.1 1g,  respectively.  An 
: : ....  •  ■  can  communicate  on  either  or  any  of  these  listed  formats  respectively;  the  actual  connection  will  be  based  on  the  access  point  to  which  it  connects.  ‘Software  may  differ  from  its  retail  version  (if  available)  and  may  not 
ogiam  functionality.  License  agreements  may  apply.  sFor  hard  drive,  GB  =  billion  bytes.  Accessible  capacity  is  less;  up  to  4GB  is  service  partition.  ‘Includes  battery  and  optional  travel  bezel  instead  of  standard  optical 
*  .  af»e  weight  may  vary  due  to  vendor  components,  manufacturing  process  and  options.  Thinness  may  vary  at  certain  points  on  the  system.  'Support  unrelated  to  a  warranty  issue  may  be  subject  to  additional  charges 


With  the  best  data  protection  available  on  a  wireless  notebook,  you  can 
work  where  you  like.  Knowing  there’s  a  power  looking  out  for  you. 

It’s  easy  to  work  wirelessly  when  you  choose  the  exceptional  performance  of  these  IBM 
ThinkPad®  notebooks  with  Intel®  Centrino™  mobile  technology.  You’ll  also  get  the  most 
secure  PCs  available.  Because  IBM  builds  in  an  extra  layer  of  protection  on  select  models 
for  passwords  and  documents,  making  it  extremely  tough  for  the  unauthorized  to  access 
your  vital  data.  No  one  else  offers  this  level  of  hacker-resistant  hardware  and  software 
security  as  a  standard  feature.  So  feel  free  to  go  where  the  mood  takes  you.  We’ll  be  right 

there  beswe  you  think  protection 

1  866  426-001 2  |  ibm.com/shop/m580 

__5ave  on  shipping.  Order  online.9 


IBM  recommends  Microsoft® 
Windows®  XP  Professional 
for  Business. 


NEW!  IBM  ThinkPad  R40 

Distinctive  IBM  Innovations: 

•  Access  Connections  -  Easiest  wired 
and  wireless  connectivity 

•  IBM  Embedded  Security  Subsystem  2.0'  - 
Strongest  security  as  a  standard  feature 

System  Features: 

•  Intel  Centrino™  mobile  technology 

•  Intel  Pentium  M  processor  1 ,40GHz* 

•  Intel  PRO/Wireless  Network  Connection  802.11b 

•  Microsoft 5  Windows  XP  Professional’ 

•  14.1"  XGA  TFT  display  (1024x768) 

•  256MB  DDR  SDRAM 

•  20GB'1  hard  drive 

•  Ultrabay™  Plus  CD-RW/DVD-ROM  combo 

•  IBM  UltraNav™  -  TrackPoint  and  touch  pad 

•  1-yr  system/battery  limited  warranty7 

$1,279*  ■  NavCode  289793U-M580 

Recommended  Option: 

•  ServicePac '  Service  Upgrade:3 
3-yr  Depot  Repair  #30L91 92  s132 


NEW!  IBM  ThinkPad  T41 

Distinctive  IBM  Innovations: 

•  Access  Connections  -  Easiest  wired 
and  wireless  connectivity 

•  IBM  Embedded  Security  Subsystem  2.0’  - 
Strongest  security  as  a  standard  feature 

System  Features: 

•  Intel  Centrino  mobile  technology 

•  Intel  Pentium  M  processor  1.40GHz* 

•  Intel  PRO/Wireiess  Network  Connection  802.11b 
•Microsoft  Windows  XP  Professional 

•  14.1"  XGA  TFT  Display  (1024x768) 

•  256MB  DDR  SDRAM 

•  NEW!  40GB  hard  drive  with-IBM  Hard  Drive 
Active  Protection  System 

•  Ultrabay  Slim  CD-RW/DVD-ROM  combo 

•  Only  1"  thin'  •  4  5-tb  travel  weight' 

•  1-yr  system/battery  limited  warranty' 


1 , 769 Na/Code  2378DHU-MS80 

Recommended  Option: 

•  ServicePac  Service  Upgrade: 

3-yr  0.nsft£ftepaic/9X5/Next  Business 
>019195  s243 


These  services  are  available  for  machines  normally  used  for  business,  professional  or  trade  purposes,  rather  than  personal,  family  or  household  purposes.  Service  period  begins  with  the  equipment  date  of  purchase.  If  the  machine  problem  turns 
out  to  be  a  Customer  Replaceable  Unit  (CRU),  IBM  will  express  ship  the  part  to  you  for  quick  replacement.  Onsite  24x7x2-hour  service  is  not  available  in  all  locations.  For  ThinkPad  notebooks  requiring  LCD  or  other  component  replacement,  IBM 
may  choose  to  perform  service  at  the  depot  repair  center.  ’Standard  shipping  included  when  you  order  online.  U.S.  only.  IBM  reserves  the  right  to  alter  product  offerings  and  specifications  at  any  time,  without  notice.  IBM  is  not  responsible  for 
photographic  or  typographic  errors.  All  IBM  product  names  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  U.S.  and  other  countries.  Lotus  and  SmartSuite  are  registered  trademarks  of  Lotus 
Development  Corporation,  an  IBM  company.  Intel,  Intel  Inside,  the  Intel  Inside  logo,  Intel  Celeron,  Intel  Centrino,  the  Intel  Centrino  logo  and  Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  U.S.  and 
other  countries.  Microsoft  and  Windows  are  trademarks  or  registered  trademarks  of  Microsoft  Corporation.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2003  IBM  Corp.  All  rights  reserved 
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Introducing  the  only  core  switch  platform  that  delivers  major 
breakthroughs  in  the  areas  of  scalability,  flexibility,  resiliency  and 
security.  The  BlackDiamond  10K  goes  beyond  the  expected  by 
delivering  the  industry’s  highest-density  10-Gigabit  and  Gigabit 
Ethernet.  In  addition,  4GNSS  technology  featuring  T-Flex 
programmable  ASICs  ensures  support  of  emerging  protocols 
without  costly  hardware  upgrades  —  offering  revolutionary 
investment  protection.  How’s  that  for  a  switch ? 


Contact  Extreme  Networks  at 
1.888.257.3000  or  visit  us  on  the  web  at 

www.extremenetworks.com/go/1 0808.htm 


©  2003  Extreme  Networks,  Inc.  All  Rights  Reserved. 
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News 


■  8  Budgets  predicted  to  grow  to  build  better  networks. 

■  10  Retailers  shore  up  Web  sites  for  holiday  rush. 

■  10  Remote  access  alternative  comes  to  corporate  sites. 

■  14  Sarvega  takes  XML  acceleration  to  a  blade. 

■  16  Airespace  springs  access  point  with  a  twist. 

■  61  Old  Windows  versions  hanging  on. 


Infrastructure 

■  17  Nortel  lags  behind  10G 
curve. 

■  17  Novell  access  controls  get 
makeover. 


Opinions 

■  34  Editorial:  Looking  back 
at  our  2003  predictions. 

■  35  Daniel  Blum:  Shaping 
federation  standards. 


Round 


I  NETWORK  MANAGEMENT 
TOOLBOX 

Shopping  for  network  management  tools  for  the  holidays? 

We  tested  a  half  dozen  interesting  network  management  products  that  you  might  want  to  gift  wrap  for 
that  special  someone  in  your  IT  department.  Page  43 


Reviews 
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RIBBON 

SECURITY  EVENT  MANAGEMENT  fit 

ArcSight  edges  e-Security  in  our  comparative  test  of  security  event  management  tools.  Page  47 


■  18  Dave  Kearns:  Operating 
system  humor:  No  funny  business. 

Enterprise 

Applications 

■  21  Vendors  bulk  up  patch 
management. 

■  21  Tools  help  users  assess 
application  performance. 

■  24  Oracle  patches  Secure 
Sockets  Layer  server  bugs. 

■  24  Scott  Bradner: 

Rejecting  shopping  accounts. 

Service  Providers 


■  35  Thomas  Nolle: 

Preparing  for  life  beyond  VPNs. 

■  62  BackSpin:  What  to  do 
about  scumware? 

■  62  ’Net  Buzz:  An  experiment 
in  opting  out  generates  good  news 
and  bad. 

■  57  Career  classifieds. 

Management 

Strategies 

■  49  Fighting  spam  the  old-fash¬ 
ioned  way:  Supplement  technology 
with  policies  and  practices  that  help 
curtail  unwanted  e-mail. 


■  32  Keith  Shaw: 

Cool  tools,  gizmos  and 
other  neat  stuff 

2Wire's  new  gateways  increase  the 
reach  of  Wi-Fi  and  DSL  performance. 
Page  32. 


■  27  Special  Focus:  FTTP 
seen  making  major  inroads  next 
year. 


Technology 

Update 


■  31  Active  archiving  eases 
data  management. 

■  31  Steve  Blass:  Ask 

Dr.  Internet. 


■  27  C&Wbows  out  of  U.S. 
market:  Now  what? 


■  28  Johna  Till 
Johnson:  All  that  talk  of 
convergence  really  was  more 
than  hype. 


■  32  Mark  Gibbs: 

DesktopX  marks  the  spot. 
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Interactive 

Survey:  Favorite  product  names 

Weird,  wild,  descriptive,  silly  —  the  network  industry  has  many  product 
names  that  qualify  for  all-of-the-above  descriptions.  Can  you  tell  a  bona- 
fide  name  from  a  bogus  one?  DocFinder:  8825 

Cool  Yule  Tools 

Got  a  techie  on  your  list?  Head  online  to  search  more  than  120  cool 
products  in  our  holiday  gift  guide.  DocFinder:  8632 

News  the  way  you  want  it 

Track  just  the  technologies,  companies  and  authors  you’re  interested  in 
—  we’ve  got  more  than  60  different  R38  feeds.  DocFinder:  7442 

Seminars  and  events 


Gain  a  year’s  worth  of  VoIP  demos,  answers 
and  contacts  in  less  than  a  day 

Learn  the  hidden  benefits  of  converged  voice/data  networks,  advantages 
of  voice  services  over  wireless  networks,  techniques  for  creating  VPNs 
and  more  at  our  “VoIP:  IP  telephony  from  dollar  one  to  dollars  won,"  the 
free,  new  Network  World  Technology  Tour, 

DocFinder:  8945 


Breaking  News 

Go  online  for  breaking  news  every  day.  DocFinder  6342 
Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topics. 

DocFinder:  6343 
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Columnists 

Compendium 

Linux  now  more  expensive  than  Windows? 

Fusion  Executive  Editor  Adam  Gaffin  points  to  a  draft  paper 
making  such  a  claim.  And  written  by  an  open-source  fan,  no 
less  DocFinder:  8940 

Wireless  Wizards 

Is  a  WLAN  like  a  time-share? 

James  in  Indiana  wants  to  know  how  having  multiple  users 
on  a  wireless  LAN  affects  bandwidth  sharing.  Does  everyone 
get  an  equal  percentage  of  available  bandwidth  or  do  they 
take  turns  using  the  whole  thing? 

DocFinder:  8941 

Telework  Beat 

Separate  but  equal? 

Net.Worker  Managing  Editor  Toni  Kistner  looks  at  how  the  fed¬ 
eral  Office  of  Personnel  Management  is  struggling  to  create 
parity  between  teleworkers  and  in-office  workers, 

DocFinder:  8942 

Small  Business  Tech 

Year-end  reflections 

Columnist  James  Gaskin  names  the  best  product  of  2003 
and  shares  his  predictions  for  2004.  DocFinder:  8943 

Home  Base 

PR  on  the  cheap 

Columnist  Ron  Miller  examines  how  one  software  company 
uses  a  news  aggregator  and  RSS  to  track  its  company  buzz. 

DocFinder:  8944 


What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the 
home  page,  and  you’ll  jump  directly  to  the 
requested  information. 
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Former  WorldCom  CEO  Sidgmore  dies 

■  John  Sidgmore,  the  Internet  pioneer  and  former 
WorldCom  executive  who  steered  the  company  as 
it  emerged  from  a  multi-billion-dollar  accounting 
scandal,  died  of  cancer  last  week  at  the  age  of  52. 
Sidgmore  became  chairman  and  CEO  of  World¬ 
Com,  now  known  as  MCI,  after  the  previous  CEO 
Bernard  Ebbers  resigned  in  April  of  last  year  amid  scrutiny  of  his 
involvement  in  the  company’s  mounting  financial  woes.  Sidgmore 
led  the  company  as  it  filed  for  bankruptcy  He  then  aided  the  com¬ 
pany  in  a  search  for  his  replacement,  and  in  November  of  last  year 
was  succeeded  as  chairman  and  CEO  by  former  HP  President 
Michael  Capellas.  Before  heading  the  telecom  giant,  Sidgmore  was 
CEO  of  ISP  UUNET. 

AT&T,  Qwest  launch  VoIP  services 

■  AT&T  last  week  said  it  is  aggressively  expanding  its  voice-over-IP  services  with  a  new 
focus  on  consumers.  While  the  carrier  has  offered  VoIP  services  to  some  business  cus¬ 
tomers  since  1997,  under  a  new  initiative  AT&T  said  it  would  expand  its  VoIP  business  ser¬ 
vices  worldwide  and  begin  offering  new  services  to  U.S.  consumers  next  year.  The  VoIP 
push  is  meant  to  target  the  growing  number  of  broadband  Internet  users  who  are  looking 
to  simplify  their  voice  and  data  communication  by  running  them  over  one  network,  AT&T 
said. The  company  added  that  it  has  had  a  fourfold  increase  in  business  VoIP  customers 
this  year,  and  recent  trials  also  have  shown  a  growing  demand  in  the  consumer  market. 
Meanwhile,  Qwest  appears  to  be  the  first  regional  Bell  operating  company  to  offer  a  resi¬ 
dential  VoIP  service  —  to  DSL  customers  in  Minneapolis-St.  Paul.  Qwest  announced  inten¬ 
tions  to  do  so  last  month  and  turned  up  the  service  last  week. 

Survey  shows  more  Linux  momentum 

■  A  recent  SG  Cowen  survey  of  more  than  500  North  American  IT  users  found  that  more 
than  80%  of  respondents  use  Linux  and  that  more  than  half  plan  to  increase  their  use 
of  the  open  source  operating  system  within  the  next  two  years.The  survey,  which  also 
found  a  growing  interest  in  other  open  source  software  in  areas  such  as  application 
servers,  e-mail  and  database  systems,  concluded  that  Linux  will  change  the  landscape 
in  corporate  data  centers  as  it  steals  workload  share  away  from  both  Unix  and  Windows 
systems.  But  the  reports  authors  say  that  hurdles  remain  for  Linux,  including  the  possi- 
‘  Tty  that  the  market  could  fragment  as  the  Unix  market  did,  with  commercial  vendors 
adding  middleware,  services  and  support  to  differentiate  their  Linux  offerings. 
‘  vertheless,  Linux  will  continue  to  make  inroads  in  corporate  adoption,  especially  in 

1 .  The  main  reasons  for  turning  toward  Linux  were  reliability,  scalability  and  lower 
cost, the  survey  found. 
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.wing  USB  duck 

Aurage  device  holds  up  to  16M  bytes  of  stuff.  But  who  cares?  You're 
w-:-s,  ’use  it  s  shaped  like  a  duck  -  and  glows  when  you  plug  it  in. 

bi  '(iw  and  blue.  Find  out  if  it  is  all  it  is  quacked  up  to  be  at 

u'u\n<  DocFinder:  8939. 


y>  That’s  the  ticket  Now  here’s  a  REALLY  good  use  of  technology.  A 
Jersey  City,  N.J.,  man  earlier  this  month  renewed  his  car  registration  online  while 
being  written  up  by  a  police  officer  for  having  an  expired  registration,  according 
to  the  Associated  Press.  The  quick-thinking  driver  called  a  friend  by  cell  phone  and 
had  him  renew  the  registration  over  the  Internet.  The  move  didn't  nullify  the  ticket, 
but  did  keep  the  car  from  being  towed. 


China's  WLAN  standard  raises  eyebrows 


ATMs,  too?  Recent  reports  last  week  that  automated  teller  machines  running 
Windows  XP  Embedded  were  infected  by  the  Nachi  worm  this  summer  can't  be 
anything  but  bad  news  for  anyone  involved,  especially  bank  customers.  It’s  also 
worth  noting  that  the  maker  of  the  ATMs,  Diebold,  is  at  the  center  of  a  controvery 
over  security  lapses  with  touch-screen 
voting  machines. 


Not  making  the 

grade.  Talk  about  setting 
a  bad  example.  The  latest 
computer  security  report 
card  from  a  congressional 
oversight  committee  gave 
the  federal  government 
a  D  (though  on  the 
bright  side,  it  beats 
last  year’s  F). 

Fourteen  agencies 
scored  below  a  C, 
and  eight  failed.  > 


■  The  Chinese  government  has  settled  on  a  policy  that  wireless  LAN  equipment 
made  in  China  and  sold  for  use  there  must  implement  a  Chinese  standard  called  Wired 
Authentication  and  Privacy  Infrastructure.  The  policy  requires  WAPI  encryption  and 
authentication  security  in  WLAN  products  in  China  by  June  2004 .'Some  large  WLAN 


equipment  manufacturers  in  the  U.S.,  including  Cisco,  say  they  have  not  found  it  easy 
to  get  details  about  the  standard. The  Chinese  government  is  allowing  the  encryption 
technology  to  be  shared  only  through  designated  Chinese  companies,  some  of  which 
are  direct  competitors, such  as  Huawei  Technologies.  A  leading  U.S.  encryption  expert, 
Bruce  Schneier,  says  he  hasn’t  seen  the  Chinese  standard  but  added  that  U.S.-based 
attempts  for  WLAN  security  standards  have  been  “so  robustly  bad”  that  if  the  Chinese 
standard  “turns  out  to  be  good,  we  might  want  to  adopt  it  in  the  West.”  Traditionally, 
encryption  and  key-management  standards  have  been  openly  published  —  unless 
they  are  deemed  to  have  military  value. 


Yahoo  plugs  e-mail  security  hole 

■  Yahoo  last  week  took  steps  to  plug  a  security  hole  in  its  Web-based  e-mail  service, 
which  would  have  allowed  anyone  to  automatically  launch  a  worm  or  malicious 
mobile  code  attack  upon  the  recipients  opening  of  an  e-mail  message. The  so-called 
malicious  Script  Execution  flaws  were  identified  by  security  firm  Finjan  Software, 
which  said  the  script  could  be  written  in  various  languages,  including  Java,  JavaScript, 
VB  Script,  Active  X  and  HTML.  Malicious  code  attacks  based  on  this  could  be  used  to 
steal  usernames  and  passwords,  credit  card  numbers  and  other  information  the  user 
might  input  into  the  computer,  and  expose  restricted  parts  of  a  LAN  to  the  public, 
according  to  Finjan.  A  Yahoo  spokeswoman  last  week  said  Yahoo  had  been  informed 
of  the  issue  related  to  Yahoo  Mail  on  Nov.  1 1  and  had  completed  a  server-side  fix  that 
did  not  require  users  to  take  any  action. 


V  ® 


I kk,  n.J"" 


ODDS  ARE  AN  ENTERPRISE 
SOLUTION  ISN'T  EXACTLY  WHAT 
YOU  NEED  RIGHT  NOW. 


Beat  the  odds  with  Small  and  Medium 
Business  security  from  Trend  Micro. 

Trend  Micro,  the  global  leader'  at  the  gateway,  delivers  the  only  antivirus  and 
content  security  solutions  created  specifically  for  small  and  medium  businesses 
Why  settle  for  costly  enterprise  or  bundled  products  when  you  can  get  a 
purpose-built  anti-Spam  and  antivirus  product  designed  to  grow  with  your 
business?  You  focus  on  building  your  business.  We'll  focus  on  protecting  it. _ 
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•  orecasts:  IT  budgets  set  to  grow 


Crystal  ball 


Analyst  firms  see  brighter  days  ahead  for  IT  spending.  They  say  cost  will  still  be  a  big 
factor  in  2004,  but  that  purse  strings  are  loosening  when  it  comes  to  bringing  in 
innovative  technology. 


Servers 

Wireless 

Offshore  outsourcing 

Forrester 

Blades  and  Linux  adoption 
to  increase. 

5%  increase  in  mobile  and 
wireless  spending. 

Will  hinder  IT  hiring. 

Gartner 

Virtualization  will  become 
critical. 

Wireless  LANs  will  top 
shopping  lists. 

Becomes  inexpensive  option 
for  cost  cutting. 

IDC 

Software  will  become 
standardized. 

Enterprise  Wi-Fi  will  remain  in 
test  beds,  but  public  hot  spots 
will  increase. 

Expected  to  double  in  the  IT 
service  market. 

Summit 

Strategies 

Microsoft  will  fight  off 
competing  Linux  products. 

Mobile  computing  will  be  pulled 
more  into  enterprise  nets. 

Consultants  and  systems 
integrators  will  lose  business. 

■  BY  DENISE  DUBIE  AND 
JENNIFER  MEARS 

The  leading  high-tech  industry 
watchers  forecast  that  2004  will 
see  the  most  significant  increase 
in  IT  spending  in  more  than  three 
years,  but  don’t  go  looking  for 
double-digit  growth  projections. 

“The  tech  recession  is  over,  but 
it’s  not  gone,"  says  Andrew  Bar¬ 
tels,  a  vice  president  at  Forrester 
Research  .“We’re  looking  at  much 
more  measured,  much  more 
return-based  investment  deci¬ 
sions  than  in  the  past.” 

IDC  is  the  most  optimistic,  with 
an  estimate  of  6%  to  8%  IT  budget 
growth  for  2004,  and  Forrester  fig¬ 
ures  budgets  will  rise  about  4% 
on  average.  In  October,  Gartner 
reported  that  IT  budgets  were 
expected  to  increase  by  about  5% 
next  year.  Merrill  Lynch  and 
Goldman  Sachs  surveys  of  IT  cus¬ 
tomers  show  1%  to  3%  increases. 

Yet  the  research  groups  say 
purse  strings  could  loosen  if  the 
economy  gets  off  to  a  good  start 
next  year. 

“It’s  normal  practice  to  enter 


the  new  year  with  cautious  esti¬ 
mates,”  says  Bartels,  whose  firm’s 
survey  of  820  North  American 
companies  found  that  about 
one-third  of  them  plan  to  spend 
more  on  IT  next  year  than 
this  year. 

Expect  to  see  much  of  the 
money  spent  on  data  center 
improvements,  such  as  in  server 
and  storage  upgrades,  virtualiza¬ 
tion  software,  security  and  disas¬ 
ter  recovery,  analysts  say 

“Three  years  of  IT  spending 
on  ice  means  aging  infrastruc¬ 
ture, "says  Frank  Gens,  IDC  senior 
vice  president.  “An  improving 
corporate  profits  picture  will 
see  some  refreshing  of  basic  IT 
infrastructure.” 

Server  and  client  hardware 
replacements  are  overdue,  ana¬ 
lysts  say.  Server  blades  are  set  to 
catch  on  in  greater  numbers. 
Sales  of  blades,  which  grew  only 
1%  through  the  third  quarter  vs. 
the  first  three  quarters  of  last  year, 
but  IDC  expects  full-year  sales  will 
increase  6%  over  last  year. 

As  for  computers  and  periph¬ 
eral  equipment,  Forrester  found 


that  IT  users  plan  to  spend  about 
$84  billion  in  2004,  up  9%  from 
the  $77  billion  spent  on  PCs 
in  2003. 

On  the  software  side,  Linux  will 
continue  to  give  Windows  a  big¬ 
ger  push,  especially  as  IBM  and 
other  Linux  backers  roll  out 
more  products,  analysts  say.  An 
SG  Cowen  survey  of  more  than 
500  IT  users  found  that  70%  of 
Linux  users  planned  to  increase 


their  use  of  Linux  in  the  data 
center,  while  only  39%  of  Win¬ 
dows  users  planned  to  increase 
workloads  and  10%  actually 
planned  to  decrease  Windows 
deployments. 

“In  the  past,  Linux  growth  was  at 
the  sake  of  Unix.  In  2004,  it  will  be¬ 
come  more  of  a  threat  to  Win¬ 
dows,”  says  Laurie  McCabe,  a  vice 
president  at  Summit  Strategies. 
“Microsoft  is  betting  that  cus¬ 


tomers  will  use  what  is  there 
instead  of  seeking  competitive 
solutions.” 

In  updating  their  operating  sys¬ 
tems  or  moving  to  new  ones,  cus¬ 
tomers  are  expected  to  push  for 
more  flexible  licensing.  Many  are 
still  sore  over  Microsoft’s  recent 
licensing  changes.  But  40%  in 
Forrester’s  study  said  Windows 
upgrades  will  be  a  priority 
next  year. 

McCabe  says  software  vendors 
will  adopt  pay-for-use  models 
that  adapt  to  a  dynamic  comput¬ 
ing  environment.  For  example, 
customers  could  deploy  a  data¬ 
base  and  an  application  server 
on  a  four-processor  machine  but 
later  scale  it  to  eight  processors 
on  demand  and  be  charged 
accordingly 

Gartner  says  server  and  storage 
virtualization  software,  programs 
that  let  computing  resources  be 
used  more  efficiently  to  run 
applications  and  operating  sys¬ 
tems,  will  gaio  more  converts. 

“Good  economy  or  bad  econ¬ 
omy,  anything  that  you  as  an  IT 
operations  director  can  do  to 
make  your  environment  more 
efficient  has  tremendous  pay¬ 
back,  and  so  there  is  tremendous 
interest  in  looking  at  new  pro¬ 
cesses  [and]  at  new  vendors  with 
innovative  solutions,”  says  Mike 
Chuba,  vice  president  and  re¬ 
search  director  at  Gartner. 

Forrester  says  2004  also  could 
be  the  year  in  which  more  com¬ 
panies  buy  into  technologies 
such  as  wireless  LAN  and  voice- 
over-IPStill, investment  in  network 
equipment  is  expected  to  rise 
only  modestly: 

Forrester  found  in  its  survey  that 
spending  on  communications 
equipment  is  planned  to  be 
about  $88  billion,  up  2%  from  this 
year’s  total.B 


Challenge 

continued  from  page  1 

Tom  Russell,  director  of  marketing  for  VPN 
and  security  services  at  Cisco,  said  shipping 
SSH2  as  a  default  setting  could  disrupt  some 
users  who  are  not  looking  for  that  level  of 
security.  One  example  would  be  customers 
who  use  scripts  to  automate  configuration 
and  management  on  Cisco  routers. 

“Cisco  usually  does  get  it  about  security,  but 
this  SSH  issue  is  a  big  exception,”  says  David 
Newman,  president  of  Network  Test  of  West- 
lake  Village,  Calif.,  author  of  the  Tester’s  Chal¬ 
lenge  and  a  member  of  the  Network  World 
Global  Test  Alliance. 

A  user  participating  in  our  online  forum 
agrees.“l  find  it  infuriating  that  1  have  to  con¬ 
nect  to  my  P1X  firewall  with  an  older  version 
of  SSH  or  telnet.  For  crying  out  loud  this  is  my 
firewall  you  are  talking  about!”  he  says. 

Van  Dyke  Software,  which  sells  SSH  com¬ 
mercial  products,  offers  only  SSH2  in  its  serv¬ 
er  products.  “There  are  so  many  issues  with 
SSH1,”  says  VanDyke  spokesman  Marc  Or- 
unt.  It’s  easily  hacked  and  has  critical  per- 
formance  issues,  he  adds. 

phil  Kwan,  director  of  enterprise  applica- 
■  as  at  Foundry  says  upgrading  to  SSH2  is  a 
•r  undertaking  for  a  company  with  legacy 
‘i  "You've  got  this  big  chunk  of  code  that 
ving  to  jam  on  a  router  that  is  6  to  7 
1 1  You  re  going  to  have  serious  memory 
*  Kwan  says.  He  says  it’s  under- 
•  i-  hie  that  an  SSH2  up- 
'  might  get  put  on  the 


Because  Tester’s  Challenge  is  intended  to 
push  the  industry  to  address  pressing  issues, 
we  checked  with  some  of  Cisco’s  competitors 
—  Blue  Coat  Systems,  Check  Point,  Dell,  Ex¬ 
treme  Networks,  ForcelO  Networks,  Foundry 
Networks,  NetScreen  Technologies  and  Nor¬ 
tel  —  to  see  how  they  treated  this  issue  of 
unsecure  default  settings. 

The  good  news  is  that  the  industry  is  gener¬ 
ally  moving  toward  strongly  encrypted  ac¬ 
cess  to  network  devices.  For  example: 

•  Foundry  is  upgrading  to  SSH2  across  its 
product  line  and  will  ship  that  support  some¬ 
time  in  the  first  quarter  of  next  year. 

•  When  Blue  Coat  released  its  ProxySG  3.0 
secure  proxy  appliance  in  August,  it  secured 
all  administrative  access  to  the  box  by  turn¬ 
ing  on  SSH2  and  Secure  Sockets  Layer 
(SSL)/Transport  Layer  Security  by  default 
and  by  turning  off  HTTP  telnet  and  SNMP  by 
default. 

•  Dell  ships  all  its  PowerConnect  3300  series 
and  Managed  Switches  with  five  in-band 
management  capabilities:  HTTP  Secure- 
HTTP  telnet,  SSH2,  SNMP  versions  1  and  2. 
Dell  will  offer  SNMP  3.0  support  in  a  firmware 
upgrade  scheduled  for  next  summer.  How¬ 
ever, all  in-band  management  options  are  dis¬ 
abled  by  default  and  need  to  be  turned  on 
by  the  network  administrator. 

•  By  default,  Check  Point  products  exclu¬ 
sively  use  SSH2  for  command-line  manage¬ 
ment.  Check  Point  Stateful  Inspection  can  dis¬ 
tinguish  between  SSH  versions  and  allow 

access  only  for  SSH2  traffic. 

•  Extreme  supports  SSH2  on 
all  its  products.  But  Extreme  offi¬ 


cials  say  that  because  of  federal  export  regu¬ 
lations,  the  company  has  to  verify  your  identity 
before  they'll  let  you  download  it.  Extreme’s 
EPICenter  management  tool  can  be  config¬ 
ured  to  run  batch  commands  on  groups  of 
switches  using  SSH2.  Likewise,  Extreme  offers 
SNMP  3.0  across  its  products  and  limits  brows¬ 
er-based  access  to  its  gear  to  limited  jump-start 
capabilities. 

•  NetScreen  added  SSH2  support  to  its 
underlying  operating  system  with  the  release 
of  ScreenOS  last  month. 

Neither  versions  of  SSH  is  enabled  by 
default.  When  a  user  enables  it  on  a  new 
device,  it  defaults  to  SSH2.  If  upgrading  an 
old  device  that  previously  ran  SSHl.a  user 
must  manually  choose  to  run  SSH2. 

•  Nortel  has  a  mandate  to  provide  SSH2, 
SNMP  3.0  and  SSL  encryption  for  Web  access 
across  its  product  lines.  Nortel’s  products  are  in 
various  stages  of  compliance  with  this  policy 

•  ForcelO  says  it  provides  a  variety  of  secur¬ 
ity  features  out  of  the  box  in  its  switches  and 
routers.  For  example,  by  default  a  limit  is  set  on 
the  amount  of  traffic  that  is  sent  to  the  CPUs, 
preventing  a  virus  from  flooding  the  switch 
/router. The  company  also  has  enabled  a  real¬ 
time  editor  as  default  to  allow  network  opera¬ 
tors  to  update  access  control  lists  on  the  fly 

In  light  of  its  competitors  taking  steps  toward 
shipping  products  with  secure  default  settings, 
we’d  still  like  to  hear  from  Cisco  that  it’s  plan¬ 
ning  to  step  up  to  the  plate  on  this  issue. 

Network  World  Senior  Editor  Ellen  Messmer 
and  Senior  Writer  Phil  Hochmuth  contributed 
to  this  story. 
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Only  Avocent  gives  you  complete  Click  and  Connect7 
control  of  your  data  center  —  all  from  a  single  screen 


Now  you  can  see  what’s  really 
happening  in  your  data  center. 
Avocent’s  DS  Series  lets  you 
access,  maintain  and  troubleshoot 
all  your  servers  and  serial  devices 
over  I P  -  no  matter  where  you  are, 
even  over  a  browser.  Authenticate 
once  and  control  it  all. 


Download  your  free  whitepaper, 
Remote  Data  Center  Control  to  see 
how  you  can  gain  BIOS-level  server 
control,  centralized  authentication 
and  integrated  power  management 
of  your  entire  data  center. 

www.avocent.com/reality8 


Get  real,  get  the  best  KYM  over 
IP  solution  available  today.  The 
Avocent  DS  Series. 
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Avocent 

The  Power  of  Being  There, 
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Retailers  shore  up  Web  sites  for  holidays 


■  BY  ANN  BEDNARZ 

While  the  holiday  season  tradi¬ 
tionally  provides  a  key  revenue 
surge  for  retailers,  it’s  also  a  prime 
time  for  fraud. 

“The  amount  of  fraud  that  we 
see  is  mind-boggling,”  says  Ken¬ 
neth  Sayers,  director  of  credit  for 
PC  Mall,  an  $853  million  retailer 
in  Torrance,  Calif.,  that  sells  hard¬ 
ware,  software  and  consumer 
electronics,  primarily  through 
mail  order  and  Web  sites. 

In  November,  PC  Mall  stopped 
$1.1  million  worth  of  fraudulent 
orders,  bringing  its  yearly  total  to 
$10.8  million.  Last  year,  PC  Mall 
stopped  $7.3  million  in  fraudu¬ 
lent  orders. 

The  company’s  Web  site  is  a 
prime  target  for  criminals.  While 
Internet  orders  account  for  25% 
of  PC  Mali’s  business,  they  gener¬ 
ate  90%  of  fraud  attempts,  he  says. 

Internet  fraud  is  a  widespread 
problem  for  retailers.  Based  on 


results  of  its  annual  survey  of 
e-commerce  crime,  security 
company  CyberSource  estimates 
online  crooks  will  make  away 
with  $  1 .6  billion  of  2003  U.S.  busi- 
ness-to-consumer  e-commerce 
revenue. 

However,  the  potential  for  fraud 
is  but  one  caution  during  what  so 
far  looks  to  be  a  strong  online 
holiday  shopping  season.  Other 
issues,  such  as  Web  site  perfor¬ 
mance,  also  are  keeping  retailers 
on  edge.  Still,  Forrester  Research 
predicts  online  sales  from 
Thanksgiving  to  Christmas  will 
grow  by  42%  over  last  year  to 
$12.2  billion. 

Meanwhile,  money  lost  to  fraud 
threatened  to  wipe  out  the  opera¬ 
tional  savings  PC  Mall  achieves 
with  its  Web  business.  “The  cost 
savings  we  were  seeing  from  hav¬ 
ing  an  Internet  site  where  cus¬ 
tomers  can  place  orders  without 
human  intervention  —  we  were 
losing  those  savings  on  the  back 


end  to  fraud,” Sayers  says. 

To  combat  this,  PC  Mall  has 
honed  over  the  last  two  years  a 
three-tier  system  for  catching 
fraudulent  orders.  Its  first  line  of 
defense  is  a  service  from  Cyber- 
Source  that  screens  orders  for 
suspicious  entries,  such  as  geo¬ 
graphically  mismatched  cus¬ 
tomer  information  —  an  overseas 
IP  address  with  a  U.S.  billing 
address,  for  example. The  second 
and  third  tiers  of  PC  Mali’s  strat¬ 
egy  depend  on  in-house  systems 
that  compare  incoming  orders 
with  historical  fraudulent  and 
legitimate  transactions. 

The  retailer  is  on  track  to  re¬ 
duce  its  losses  this  year,  Sayers 
says.  Last  year  the  company  lost  a 
little  more  than  $1  million  in 
fraudulent  orders  that  it  didn’t 
catch  in  time.  This  year,  the  com¬ 
pany  has  kept  its  losses  to  about 
$750,000. 

“We’re  definitely  seeing  huge 
improvements,”  Sayers  says.  He 


Who  needs  malls? 

Nearly 

one-third 

of  consumers  shopped 
online  over  the  long 
weekend  after  the 
Thanksgiving  holiday,  the 
ceremonial  kickoff  to  the 
holiday  season, 
according  to  a  survey 
BIGresearch  conducted 
for  the  National  Retail 
Federation. 


attributes  this  not  only  to  technol¬ 
ogy  but  also  to  training.“We  keep 
on  top  of  fraud  trends  and  do  a 
lot  of  staff  training,”  he  says. 

Keeping  Web  site  performance 
up  to  snuff  is  another  ongoing 


battle  for  retailers. 

These  days,  online  shopping 
sites  are  straining  under  the  holi¬ 
day  load,  according  to  Keynote 
Systems.  The  company’s  E-Com- 
merce  Transaction  Performance 
Index  shows  major  online  shop¬ 
ping  sites  experienced  perfor¬ 
mance  problems  during  the 
week  beginning  Dec.  l  .The  index 
—  which  measures  the  response 
time  and  success  rate  for  execut¬ 
ing  a  typical  multistep  online  re¬ 
tail  transaction  on  13  of  the  most 
active  e-commerce  sites  (such  as 
Amazon,  Best  Buy  Target  and  Wal- 
Mart)  —  dipped  at  times  during 
the  week  to  as  low  as  80%  success 
rate,  meaning  that  consumers 
could  complete  only  eight  out  of 
10  transactions. 

AMR  Research  warns  that  to¬ 
day’s  demanding  Internet  shop¬ 
pers  expect  service  to  be  better 
than  or  equal  to  their  in-store 
experience,  and  overtaxed  retail 
IT  operations  might  not  be  up  to 
the  challenge. 

Last  year,  almost  20%  of  online 
customers  surveyed  reported  a 
negative  experience  with  at  least 
one  site  and  said  they  would  not 
return  to  that  site.  Consumer  dis¬ 
satisfaction  puts  at  risk  between 
$4  billion  and  $5  billion  of  online 
retail  sales  in  November  and 
December,  according  to  the 
research  firm. 

Urban  Outfitters  found  its  Web 
site  wasn’t  up  to  par,  so  the 
Philadelphia  retailer  invested  in 
caching  software  from  Warp 
Technology  to  speed  perfor¬ 
mance. 

“We  always  knew  we  had  a  bot¬ 
tleneck,”  says  David  Hayne.a  mar¬ 
keting  coordinator  at  Urban  Out¬ 
fitters  who  is  responsible  for  the 
retailer’s  Web  site  technology  The 
company’s  Web  application 
servers  have  to  refer  to  a  back¬ 
end  product  database  —  which 
was  not  designed  to  handle  Web 
processing  —  to  display  pages, 
Hayne  says.  The  process  slowed 
Web  page  views  considerably. 

This  spring  Urban  Outfitters 
tackled  the  bottleneck  with 
Warp’s  SpiderCache  software, 
which  caches  Web  pages  that 
need  to  refer  most  often  to  the 
retailer’s  back-end  server.  So  far, 
Urban  Outfitters  has  seen  its  Web 
page  display  speeds  increase  by 
40%  and  its  total  page  views 
increase  by  58%,  Hayne  says.  Page 
views  have  jumped  dramatically 
now  that  it’s  easier  and  less  frus¬ 
trating  for  customers  to  browse 
Web  content,  he  says.B 


Remote  access  finds  another  option 


A  better  VPN? 


IP  Dynamics’  VCNpro  software  provides  an 
alternative  to  SSL  and  IPSec  remote  access. 


A  remote  laptop  with  VCNpro  software  running  authenticates  to  the  VCN  Manager  server  at  a  corporate 
site.  VCN  Manager  returns  the  IP  address  of  the  Network  Route  Director  (NRD)  —  another  part  of  IP 
Dynamics’  package  —  and  the  IP  address  and  firewall  ports  needed  to  access  the  file  server  being  sought. 


The  laptop  addresses  traffic  bound  for  the  file  server  to  the  NRD 
that  has  been  maintaining  a  connection  with  the  server  through  the 
firewall.  The  packet  includes  the  IP  address  of  the  firewall  and  the 
ports  available  to  reach  the  target  server  within  a  payload  header. 


The  NRD  readdresses  packets  from  the  remote 
laptop  using  information  contained  in  the  packet 
header,  completing  the  remote  user’s  connection. 


■  BY  TIM  GREENE 

IP  Dynamics  is  announcing  an 
enterprise  network  version  of  its 
carrier-class  software  that  creates 
secure  connections  over  the 
Internet  —  an  alternative  to  Secure 
Sockets  Layer  and  IP  Security 
remote-access  technologies. 

The  software,  called  VCNpro,  is 
similar  to  SSL  and  IPSec  options 
in  that  it  lets  remote  computers 
connect  with  corporate  sites, 
encrypting  traffic  so  it  remains 
confidential. 

However,  it  differs  by  encrypting 
connections  directly  between  end 
machines  rather  than  via  a  gate¬ 
way  It  also  requires  no  reconfigu- 
lation  of  network  address  transla¬ 
tion  devices  as  does  IPSec. 

Unlike  SSL  remote  access, 

VCNpro  requires  custom  software 
on  each  end  machine  that  can  be 
downloaded  as  an  executable.  SSL  remote-access  gear  relies  on  stan¬ 
dard  Web  browsers  to  initiate  connections. 

SBC  uses  IP  Dynamics’  carrier-grade  software,  called  Secure  VCN,  to 
pport  a  managed  VPN  service. 

i'  ;e  IP  Dynamics  package  defines  virtual  networks  via  a  single  server, 
id  users  can  be  invited  to  join  the  network  by  e-mail.To  connect 
•  \  rtual  network,  they  download  software  called  a  member  agent. 
h  •<  ;  software  included  in  VCNpro  supports  central  administration  of 
H>-  '  and  policies  (see  graphic, above). 

s  \  i  create  a  network  and  controlled  access  to  a  well-defined 
:  o'  K  id,  als  and  resources," says  Richard  Ptak.a  partner  with  con¬ 
sultancy  I  dak  Noel  &  Associates. 

'  .  '  is  more  i  >  a  competitor  to  IPSec  than  SSL,says  Dave  Kosiur, 


an  analyst  with  Burton  Group.  SSL  remote  access  requires  no  client  ex¬ 
cept  a  Web  browser  for  some  access,  and  Active  X  or  Java  downloads 
that  the  end  user  is  unaware  of  for  others,  he  says. 

IPSec  is  more  complex  than  VCNpro,  requiring  the  distribution  of 
client  software  to  end  machines,  configuring  firewalls  to  allow  traffic 
through  to  an  IPSec  gateway  and  updating  all  gateways  each  time  a 
policy  or  gateway  is  added  to  the  VPN,  Kosiur  says. 

But  IPSec  is  actually  part  of  VCNpro.  Payloads  are  encrypted  using 
IPSec  by  member  agents  on  sending  and  receiving  machines. 

VCNpro  can  cost  more  than  some  alternatives.  For  example,  a  pack¬ 
age  supporting  150  users  costs  $13,500.  A  Neoteris  Employee  Access 
SSL-based  appliance  for  150  users  costs  $10,000. 

A  VCNpro  package  for  5,000  users  costs  $325,000.  ■ 


POWER 


The  industry's  only  patent-pending,  network-critical  phys¬ 
ical  infrastructure  (NCPI),  InfraStruXure  significantly 
decreases  the  total  cost  of  ownership  through: 


Accelerated  Speed  of  Deployment 

Electrical/physical  modularity  allows  for  rapid 
installation  with  minimal  engineering. 


Minimized  Human  Error 

Simplicity  of  design  and  intelligent  modules  increase 
system  availability  by  mitigating 
human  error  -  the  #1  cause  of  downtime. 


Open,  adaptable  and  integrated 
.  architecture  for  on-demand 

Deloitte  On  network-critical  physical  infrastructure 

InfraStruXure  "  AIR 

"A  PC  had  the  plan  of  building  air  conditioning  systems 
in  the  rack.  In  a  traditional  data  center,  you  always  have 
racks  which  are  totally  filled  with  CPUs  and  which  become 
very  hot.  Then  you  have  racks  which  are  not  deployed  at  all. 

To  manage  the  energy,  the  warmth  and  the  consumption  of 
electricity  in  those  racks,  we  believe  that  with  APC  we 
have  found  the  right  solution. 


Find  Out 
the  Secrets 
of  Real-time 
Infrastructure! 


View  the  Deloitte  case 
study  video. 

Download  white  papers 
of  your  choice  on  optimal 
real-time  infrastructure. 


Deloitte  is  only  one  of  the  latest  partners  benefiting 
from  InfraStruXure 's  open,  adaptable,  and  integrated 
approach  to  data  center  design. 


InfraStru/we 
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POWER  RACK  AIR 


Eric  Ubels,  CIO,  and  Guus  van  Velzen,  Principal  Architect 

Deloitte 
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Experts  and  Editors  agree... 


...solid  performance  and  price  lead  us 
to  give  InfraStruXure ”  a  score 
of  10  for  value  -  a  score  neither  one 
of  us  have  ever  awarded  before. " 


...availability  and  monitoring  features 
equal  its  battery  room-sized 
competition  at  half  the  cost... ' 


Oliver  Rist,  Senior  Contributing  Editor 
Brian  Chee,  Industry  Expert 

InfoWorld  9/01/03 


Tom  Henderson,  Global  Test  Alliance 

Network  World  8/1 9/02 


Quick  Fault  Recovery 

Compartmentalize  potential  failures  with 
intelligent,  maintainable  modules. 

Modularity  for  Ease  of  Growth 

Pay  as  you  grow  and  redeploy  modular 
components  as  needed. 

Find  out  how  you  can  benefit  from  InfraStruXure 's 
innovative  architecture.  Visit  us  today  at  www.apc.com 


Deloitte  on 

InfraStruXure  "  Benefits 

"We  have  also  enhanced  our 
security,  systems  stability 
optimization,  time  to  market 
and  office  operations. 

With  InfraStruXure m, 
you  can  get  it  right  in  one 

attempt. " 


Visit  http://promo.apc.com 
Enter  Key  Code  o824y 
Call  B88-289-APCC  x3044 


Legendary  Reliability® 
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Cisco 

continued  from  page  1 

areas,  which  include  IP  telephony 
security  storage,  optical,  wireless 
and  home  network  products. 
Each  of  these  businesses  has  the 
potential  to  grow  to  $1  billion  in 
revenue  for  the  company  Chamb¬ 
ers  said. 

IP  telephony  is  one  advanced 
technology  that  could  be  at  the 
brink  of  hitting  this  goal.  This  is 
because  most  PBXs  in  corporate 
networks  are  about  9  years  old, 
on  average,  he  said,  and  upgrad¬ 
ing  from  traditional  PBXs  to  IP 
PBXs  is  a  foregone  conclusion 
among  many  IT  executives. 

“IP  telephony  is  one  of  those 
applications  that  probably  in 
many  [corporations]  architec¬ 
turally  has  already  been  de¬ 
cided,”  Chambers  said. 


vendors, such  as  EMC,  Hitachi,  HP 
IBM,  Network  Appliance  and 
Veritas  Software. 

But  storage  also  was  highlight¬ 
ed  as  one  of  Cisco’s  biggest  chal¬ 
lenges  among  the  advanced 
technologies.  In  a  separate  pre¬ 
sentation,  Cisco  showed  that  the 
firm  had  only  about  7%  market 
share  in  the  total  storage  switch 
market. 

“Storage  will  be  bump^’  Cham¬ 
bers  said.“When  you  move  into  a 
new  market,  it  takes  some  time  to 
get  down  all  the  necessary  man¬ 
ufacturing  and  channel  aspects 
and  processes  up  to  speed.” 

On  enterprise  IT  spending, 
Chambers  said  large  compa¬ 
nies  are  not  rushing  back  to  fill 
out  huge  purchase  orders  on 
infrastructure.  Instead,  compa¬ 
nies  are  looking  at  strategic 
areas  that  can  improve  produc¬ 


[Y^  fc  fc[Programmable  ASICs 

li  '  J  jl  0,1  ^sco  hardware]  will 
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1 better  interoperability 
mk  to  be  deployed  faster 

in  the  field.  9  9 

Mike  Volpi 

Senior  vice  president  for  routing 
technology,  Cisco 


Such  technologies  will  be 
important  factors  in  Cisco’s 
stated  goal  of  10%  to  15%  growth 
over  the  next  five  years.  But 
Chambers  said  not  all  the  com¬ 
pany’s  three  major  product  cate¬ 
gories  —  routing  and  switching, 
advanced  technologies  and  ser¬ 
vice  providers  —  have  to 
become  stellar  business  lines  to 
accomplish  this. 

“If  we  grow  two  out  of  the 
three,  we  will  do  well,”  Chambers 
said.  “If  one  does  well,  and  two 
do  OK,  we  will  also  get  there.” 

In  the  advanced  technology 
area,  Chambers  said  Cisco  won’t 
acquire  large  competitors  to 
boost  its  market  share.  If  the 
company  did  that,  he  said,  “that 
uld  mean  that  our  products 
didn’t  work." 

istead,  Cisco  will  continue  to 
aure  small  and  partner  large.” 
sample  of  this  is  the  storage 
'‘•'■na,  where  Cisco  recently  ac- 
u  d  switch  start-up  Andiamo 
•  ■ms  (which  resulted  in  the 
M'  S  9000  storage  switch). 

•  ’.v.:i;ber-»  said  Cisco  has  since 
.  pari  r  relationships 
a  n  must  of  the  leading  storage 


tivity  in  the  short  term  —  such 
as  security,  IP  communications 
and  wireless. 

“CIOs  won’t  sign  off  on  any¬ 
thing  that  has  more  than  an  18- 
month  [ROI],” Chambers  said. 

He  further  defined  Cisco’s  mes¬ 
sage  to  its  enterprise  customers: 
Businesses  should  stop  thinking 
about  buying  point  products  and 
begin  to  look  at  network  pur¬ 
chases  (of,  namely  Cisco  gear)  as 
whole  systems. 

“Buying  separate,  best-of-breed 
point  products,”  Chambers  said, 
will  end  up  costing  companies 
more  in  the  end  in  terms  of  im¬ 
plementation  and  support  costs. 

But  that  notion  didn’t  sit  well 
with  some  attendees. 

There  are  questions  about 
Cisco’s  intent  to  get  closer  to  cus¬ 
tomers  as  a  services  and  integra¬ 
tion  company,  says  Frank  Dzu- 
beck,  president  of  Communica¬ 
tions  Network  Architects.  “Cisco 
says  customers  aren’t  looking  for 
best-of-breed  products,  but 
[products]  that  work  together  as 
a  system,”  he  said.  “So  does  that 
mean  customers  have  to  com¬ 
promise  in  areas  where  Cisco 


may  not  be  the  market  leader  in 
a  certain  technology?  Who’s 
going  to  do  that?” 

“That’s  a  bit  of  a  marketing  spin 
when  they  talk  about  the  idea  of 
systems  instead  of  point  prod¬ 
ucts,”  says  Ray  Mota,  an  analyst 
with  Synergy  Research  Group. 
“Most  enterprises  already  have 
infrastructures  in  place  and  are 
looking  for  point  products  for 
various  applications.” 

Weaning  Windows 

Meanwhile,  Mario  Mazzola, 
senior  vice  president  for  devel¬ 
opment,  discussed  some  of  the 
design  and  engineering  changes 
happening  at  Cisco  that  are 
aimed  at  delivering  products  that 
work  together  more  seamlessly 
and  at  lower  prices. 

Among  several  topics,  Mazzola 
outlined  Ciscos  intent  to  move 
from  “closed  systems  to  open  sys¬ 
tems”  on  technologies  such  as  IP 
voice  and  messaging  applica¬ 
tions  —  such  as  its  CallManager 
IP  PBX  and  Unity  Unified  Mes¬ 
saging  software. 

He  said  this  will  involve  migrat¬ 
ing  from  a  Windows  server 
model  toward  a  Linux  server 
and  Linux-based  appliance 
model.This  will  make  such  prod¬ 
ucts  more  resilient  and  flexible, 
he  added.  Some  users  and 
industry  analysts  have  criticized 
Ciscos  use  of  a  Windows-based 
phone  system,  which  they  say  is 
more  susceptible  to  Internet 
attacks  and  worms,  and  could 
put  corporate  phone  networks 
at  risk. 

Mazzola  also  discussed  the 
company’s  move  toward  unify¬ 
ing  the  software  and  silicon  put 
into  its  products.  This  involves  a 
move  to  a  more  common  set  of 
ASICs  and  components  across 
product  lines,  and  more  com¬ 
monality  in  software  running 
across  product  lines.  Mazzola 
said  these  moves  will  make  prod¬ 
ucts  interoperate  better. 

“This  will  be  necessary  in  the 
shift  from  [product-level]  resili¬ 
ency  to  system  resiliency”  he 
said. 

Mike  Volpi,  Cisco’s  senior  vice 
president  for  routing  technology, 
added  to  this  idea,  talking  about 
ASICs,  which  can  be  reprogram¬ 
med  after  deployment.  He  said 
Cisco  is  working  on  ASIC  tech¬ 
nology  that  will  let  chip  func¬ 
tions  be  written  in  standard  pro¬ 
gramming  language  —  such  as  C 
and  C++  —  and  then  compiled 
and  loaded  into  silicon. 

“[Programmable  ASICs  on 
Cisco  hardware]  will  allow  new 
services  and  better  interoper¬ 
ability  to  be  deployed  faster  in 


the  field,”  Volpi  said.  Future 
examples  of  this  could  take  the 
form  of  a  security  appliance 
ASIC  that  could  be  reprogram¬ 
med  with  the  latest  intrusion- 
detection  technology. 

New  routers 

Along  with  the  announcement 
of  a  new  line  of  service  provider 
12000  series  routers  and  7600 
edge  routers,  glimpses  of  some 
new  enterprise-focused  prod¬ 
ucts  were  sprinkled  throughout 
the  event. 

Cisco  released  upgrades  for  the 
12000  series  that  add  40G  bit/sec 
of  bandwidth  from  a  module  slot 
to  the  router’s  backplane.  This 
could  help  service  providers 
deploy  multiple  OC-192  ports  on 
a  router.  Analysts  say  the  router 
will  help  Cisco  keep  pace  with 
Juniper  and  other  smaller  rivals 
as  it  develops  its  next-generation 
router,  expected  next  year. 

New  software  was  demon¬ 
strated  that  could  help  adminis¬ 
trators  better  manage  modules 
in  a  Catalyst  6500  chassis.  The 
software  lets  users  graphically 
configure  virtual  LAN  and  IP 
address  settings;  view  configura¬ 
tion  data;  and  view  perfor¬ 
mance  for  Cisco  IDS  blades, 
firewall  blades  or  VPN  concen¬ 
trator  modules  inside  a  Catalyst 
chassis. 

The  software  also  can  be  used 
to  configure  multi-layer-switch- 
ing  functions  in  the  box. 
Currently,  advanced  Catalyst 
6500  modules  must  be  config¬ 
ured  as  separate  devices  inside 
the  chassis,  either  by  command 
line  or  individual  configuration 
tools  for  each  product. This  soft¬ 
ware  is  expected  to  be  released 
in  2004. 

Cisco  also  talked  about  an  IP 
video  software  integration 
client,  also  to  be  released  in  the 
new  year,  for  integrating  video 
into  Cisco  IP  phone  conversa¬ 
tions.  The  client,  used  with  a 
standard  USB  PC  camera,  will 
synchronize  IP  video  with  a 
Cisco  IP  phone  call  without 
requiring  any  extra  button-push¬ 
ing  or  mouse-clicking.  ■ 


More  online! 

Find  out  how  Cisco  is  extending  its 
Internet  core  and  edge  router  lines. 
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AT&T  and 
AT&T  Wireless 


The  path  to  IP  can  be  strewn  with  obstacles.  Or  not. 


Protect  your  investment  with  Sprint. 
Smoother  migration,  fewer  headaches  with 
one  company. 

•  SprintLinkSM  IP  services  utilize  a  common  IP  platform  for  easy  migration 
from  existing  legacy  technologies  to  IP  AT&T  doesn't,  which  can  introduce 
integration  concerns. 

•  Sprint  has  a  broader  portfolio  of  IP  VPN  services,  so  we  can  tailor 
migration  solutions  that  extend  the  life  of  your  existing  network  assets 
and  save  money. 

•With  our  integrated  wireless  and  wireline  services,  managed  as 
one  seamless  network,  you  can  run  IP  applications  to  more  people 
in  more  places. 

Get  the  facts  at  sprint.com/facts  or  call  866-700-0029 

for  a  Business  Representative. 


One  Sprint.  Many  Solutions?M 

Voice/Oata  PCS  Wireless  Internet  Services  E-Business  Solutions  Managed  Services 


Coverage  claims  based  on  the  Sprint  Nationwide  PCS  Network  (reaching  240  million  people),  the  AT&T  Wireless  National  Next  Generation  (GPRS)  network  and  coverage  included  with 
available  service  plans  excluding  roaming  areas.  Copyright  ©Sprint  2003.  All  rights  reserved.  Sprint  and  the  diamond  logo  are  trademarks  of  Sprint  Communications  Company  L.P 
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Penguin 

continued  from  page  1 

wiil  recognize  Tux  as ‘that  computer  thing.’” 

“That  computer  thing”  is  everywhere. 
From  ashtrays  and  earrings  to  coffee  mugs 
and  baseball  caps,  Tux,  as  the  penguin  is 
known. has  gained  a  kind  of  cult  following. 
The  portly  bird  is  the  main  character  in  a 
video  game  available  at  tuxracer.com. 
Seven-foot  incarnations  mingle  with  show- 
goers  at  tech  industry  conferences.  Plush 
stuffed  Tuxes  are  available  on  the  Web.  And 
IBM  plastered  larger  than  life  images  of  Tux 
on  the  sides  of  buildings  in  New  York  dur¬ 
ing  its  Peace, Love, Linux  campaign  in  2001. 

But  why  a  penguin?  Who  came  up  with 
the  image  of  a  bird  that  some  complained 
looked  too  much  like  Homer  Simpson?  It 
all  started  in  1996,  when  the  5-year-old 
operating  system  began  to  be  more  widely 
used  and  talk  began  about  the  need  to 
create  a  logo  for  Linux. 

“1  always  felt  that  the  Linux  logo  should 
be  something  fun  and  something  you  can 
identify  with,”  Torvalds  explained  in  an 
e-mail  interview.  “And  being  fun  and 
friendly  pretty  much  means  that  you  have 
an  animal  logo.” 

Fun  and  friendly  wasn’t  exactly  what 
some  in  the  Linux  community  were  look¬ 
ing  for,  though.  Torvalds  says  one  strong 
camp  was  firmly  entrenched  behind  the 
idea  “that  what  Linux  needed  was  not  a 
cute  cuddly  logo  at  all,  but  something  very 
staid  and  corporate  to  offset  the  ‘goofy’ 
nature  of  Linux  development  instead.” 

Nevertheless,  with  Torvalds  squarely  be¬ 
hind  the  penguin,  debate  over  other  possi¬ 
bilities  —  among  them  an  albatross,  a 
platypus,  an  eagle  and  a  fox  —  quickly 
ended.  Among  his  inspirations  for  choos¬ 
ing  the  bird  is  that  he  was  bitten  by  one 
while  in  Australia. 

A  contest  eventually  was  held  to  choose 
the  logo.  Larry  Ewing,  who  was  22  at  the 
time  and  finishing  up  an  electrical  engi¬ 
neering  degree  at  Texas  A&M  University, 
was  working  at  the  university’s  Institute  of 
Scientific  Computation  and  saw  the  dis¬ 
cussion  on  the  Linux  kernel  mailing  list. An 
avid  artist,  Ewing  figured  penning  a  pen¬ 
guin  was  a  better  use  of  his  time  than 
studying  for  finals. 

Torvalds  was  looking  for  a  plump,  con¬ 
tent  penguin  — “Not  fat, but  you  should  be 
able  to  see  that  it’s  sitting  down  because 
it’s  really  too  stuffed  to  stand  up.  Think 

bean  bag’  here,”  Torvalds  wrote  in  a  1996 
e-mail  describing  his  ideal 
bird.  That  image  is  what 
Ewing  gave  him. 


Tux,  the  Linux  penguin,  hammed  it  up  with 
attendees  at  a  Computer  Associates  cus¬ 
tomer  conference  earlier  this  year. 


Ewing  used  the  GNU  Image  Manipulation 
Program  (GIMP)  to  create  the  bird.  And 
then,  in  good  open  source  fashion,  he  set  it 
free.  Anyone  can  download  and  then 
tweak  the  image,  as  long  as  they  credit 
Ewing  and  the  GIMP 

Ewing  says  initially  it  was  difficult  to 
watch  his  creation  be  manipulated  by 
other  artists. 

“It’s  both  flattering  and  at  the  same  time 
you  think, ‘Ah,  I  wouldn’t  have  drawn  it  like 
that,’”  he  says. 

“But  then  I  decided  it  was  more  inter¬ 
esting  to  see  what  came  out  of  other  peo¬ 
ple  than  it  was  to  worry  about  it,”  he  adds. 

The  ability  to  alter  Tux  —  who  according 
to  Linux  community  legend  wasn’t  named 
for  his  Tuxedo-like  appearance,  but  rather  is 
an  acronym  for  “Torvalds’  UniX”  —  has 
thrust  the  penguin  into  places  a  logo  might 
not  otherwise  go,  giving  him  a  higher  pro¬ 
file  in  the  process. 

The  penguin  factor 

Ewing,  a  developer  at  Linux  firm  (and  re¬ 
cent  Novell  acquisition)  Ximian,also  cre¬ 
ated  Ximian’s  monkey  logo  and  still 
sketches  as  a  hobby.  But  these  days,  pen¬ 
guins  don’t  fit  into  his  repertoire. 

“1  don’t  think  I’ve  done  a  penguin  draw¬ 
ing  in  a  year  or  two,”  he  says.“With  the  free 
time  I  spend  drawing  I’d  usually  rather 
draw  something  other  than  a  penguin.” 

Ewing  says  he  doesn’t  worry  about  miss¬ 
ing  out  on  any  kind  of  windfall  that  comes 
with  the  creation  of  a  successful  corpo¬ 
rate  logo. 

“I’ve  never  milked  it  really.  1  mean,  I  guess 
I  did  two  book  covers  for  Addison-Wesley 
that  I  got  paid  for  and  maybe  a  couple 
other  small  drawings,  but  that’s  the  sum 
total  of  anything  that  I’ve  gotten,”  he  says. 

He  does  get  a  kick  out  of  running  into  his 
penguin  in  unexpected  places. 

“There  have  been  strange 
times.Like  fora  while, some  of 
the  Boston  T  cars  had  the  IBM 
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‘Peace,  Love,  Linux’  thing,”  he  says. “There 
was  a  time  there  where  it  was  really  shock¬ 
ing  to  go  into,  say,  a  Barnes  &  Noble  and 
walk  down  the  computer  aisle  and  see  lots 
of  penguins  staring  out  at  you.” 

Or  how  about  going  to  a  trade  show  and 
seeing  a  seven-foot  version  of  your  creation 
walking  around  greeting  showgoers? 

Sam  Greenblatt, senior  vice  president  and 
chief  architect  of  Computer  Associates’ 
LinuxTechnology  Group, doesn’t  see  what’s 
odd  about  it.  He  donned  the  penguin  suit 
at  CA’s  annual  user  conference  this  past 
summer  to  mingle  with  attendees  and 
spread  the  word  about  Linux.  Tux  was  part 
of  an  all-star  Linux  line-up  that  included 
Torvalds,  John  “Maddog”  Hall,  Larry 
Augustin,  Jay  Peretz  of  Oracle,  Michael 
Evans  of  Red  Hat  and  Juergen  Geek  of 
SuSe  Linux. 

“Tux  is  integral  to  the  branding  of  Linux,” 
Greenblatt  says. 

“Tux  brings  people  together,”  he  adds. 
“They  love  him.” 

The  penguin  grows  up 

As  the  love  for  Tux  grows,  so  does 


Linux’s  popularity.  Ewing  says  he  doubts 
he  would  have  submitted  his  rendition  if 
he  knew  what  lay  in  store  for  the  open 
source  operating  system.  Linux  was  pretty 
much  relegated  to  scientific,  geeky  instal¬ 
lations  in  1996. 

“I  didn’t  know  how  things  were  going  to 
go,”  he  says.That’s  been  the  other  real  fun 
part:  just  watching  Linux  get  more  and 
more  important.  And  then  the  penguin 
sort  of  goes  along  with  it.” 

After  a  pause,  he  adds:  “It’s  kind  of  inter¬ 
esting.  1  spent  probably  20  or  30  hours 
drawing  the  penguin  stuff,  and  I’ve  spent 
four  or  five  years  writing  code, and  I’m  still 
known  for  the  penguin  a  lot  more  than  I 
am  for  any  of  the  code.”  ■ 


Got  great  ideas 


■  Got  an  idea  for  a  Wider  Net  story?  An 
offbeat  technology  industry-related 
topic?  A  fascinating  personality  we 
should  profile?  Let  me  know  at 
bbrown@nww.com. 


Sarvega  accelerates 
XML  processing 


■  BY  JOHN  FONTANA 

Web  services  start-up  Sarvega  has  re¬ 
leased  an  XML  network  traffic-acceleration 
device  that  integrates  security  and  content- 
aware  routing  onto  a  blade  that  fits  a  stan¬ 
dard  PCI  chassis  and  is 
compatible  with  IBM  and 
HP  blade  architectures. 

The  company  last  week 
unveiled  XRE  200,  which 
will  give  corporate  users 
a  range  of  options  for  de¬ 
ploying  hardware  that 
will  help  process  and 
manage  XML-based  mes¬ 
sages.  XML  message  can 
use  about  80%  of  server 
power  when  processed 
using  application  server 
software. 

Blades  let  companies  stack  more  server 
equipment  into  a  smaller  space  than  taken 
up  by  traditional  servers.  Also,  the  blades  in 
a  chassis  can  share  services  over  the  chas¬ 
sis’s  backplane. 

The  rise  of  XML-aware  hardware  is  not 
surprising,  considering  that  many  CPU¬ 
intensive  tasks  have  been  moved  from  soft¬ 
ware  to  dedicated  hardware,  including 
routing,  load  balancing  and  encryption/ 
decryption. 

Competitors  such  as  Conformative 
Systems  and  Intel  spin-off  Tarari  offer 
other  designs,  most  notably  PCI  cards  that 
can  plug  into  servers,  appliances  or  net¬ 
work  devices. 

The  XRE  blade  is  identical  in  features  and 


functions  to  Sarvega’s  XPE  2000  appliance. 

“We  expect  to  see  a  lot  more  vendors 
using  these  alternative  models,”  says  Ron 
Schmelzer,  an  analyst  with  ZapThink.“XML 
acceleration  has  to  happen  close  to  the 
application  server.  If  the  blade  is  in  the 
same  chassis,  it  takes 
over  the  processing.” 

Other  vendors  that 
offer  dedicated  acceler¬ 
ation  hardware  include 
DataPower,  Forum 
Systems,  Reactivity  and 
Westbridge  Technology 
DataPower  this  week 
will  introduce  Version 
2.5  of  firmware  for  its 
XS40  XML  Security  Gate¬ 
way  and  XA35  XML 
Accelerator.  The  firm¬ 
ware  includes  support  for  the  Security 
Assertion  Markup  Language;  integration 
with  access  management  software  from 
Sun  and  Netegrity;and  a  technology  called 
DataGlue,  which  can  convert  XML  mes¬ 
sages  to  binary  text  for  systems  such  as 
mainframes.  Company  officials  would  not 
say  if  they  were  developing  a  blade. 

Sarvega’s  XRE  200  features  Gigabit 
Ethernet  throughput  and  performs  Exten¬ 
sible  Stylesheet  Language  transformation 
and  XML  parsing,  validation  and  com¬ 
pression.  The  blade  performs  authoriza¬ 
tion,  authentication,  auditing  and  serves 
as  a  firewall.  It  also  supports  load  balanc¬ 
ing  and  traffic  control  and  is  compatible 
with  Layer  7  devices. 

The  XRE  200  blade  is  priced  at  $20,000.  ■ 


Blade  buzz 

IDC  expects  blades  to 
account  for  of 
server  units  shipped 
by  2006.  Through 
September,  blades 
accounted  for just 
of  shipments  this  year. 
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The  AMD  Opterori”  processor,  superior  32-bit  performance  with  expanded  64-bit  capability. 

It’s  the  only  server  processor  designed  to  run  your  32-  and  64-bit  applications  simultaneously  and  without  compromise. 
AMD  Opteron  runs  on  AMD64,  a  breakthrough  architecture  that  enables  64-bit  technology  on  the  x86  platform-creating 
a  new  class  of  computing. 

The  world’s  highest  performing  2P  and  4P  industry  standard  servers 
are  now  powered  by  AMD  Opteron  processors.  Get  unparalleled  32-bit 
performance  and  the  ability  to  transition  seamlessly  to  64-bit  computing. 

Leverage  your  existing  investments  while  preparing  for  the  future.  It’s  one  architecture 
across  your  enterprise  that  offers  industry  leading  performance  for  your  32-bit  applications,  and  doesn’t 
require  a  forklift  upgrade  as  more  64-bit  applications  emerge.  It’s  just  another  way  AMD  designs  and  builds 
processors  with  you  in  mind.  For  a  closer  look  at  the  AMD  Opteron  processor,  visit  www.amd.com/opteron 


AMD 


Opteron 


©  2003  Advanced  Micro  Devices.  Inc.  All  rights  res< 
Opteron,  and  combinations  thereof  are  tradei 
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fcl  IPv6  deployment  will  be  interesting 
because  it  will  not  happen  overnight.  9  9 

Ben  Schultz 

Managing  engineer,  University  of  New  Hampshire’s 
Interoperability  Lab 


IPv6 

continued  from  page  1 

IPv6  promises  easier  administra¬ 
tion,  tighter  security, greater  mobil¬ 
ity  and  an  enhanced  addressing 
scheme  over  IPv4,  the  Internet’s 
current  protocol.  IPv6  uses  a  128- 
bit  addressing  scheme  and  can 
support  a  virtually  limitless  num¬ 
ber  of  uniquely  identified  systems 
on  the  Internet.  In  contrast,  IPv4 
supports  only  a  few  billion  sys¬ 
tems  because  it  uses  a  32-bit  ad¬ 
dressing  scheme. 

The  North  American  IPv6  Task 
Force  joined  the  military  and  uni¬ 
versity  communities  in  building 
the  largest-ever  network  based  on 
IPv6.  Dubbed  Moonv6,  this  net- 

f  \ 

Tips  for  IPv6 
deployment 

Here's  some  advice 
for  network  managers 
thinking  about 
migrating  to  IPv6: 


Plan  ahead.  Upgrading  to  IPv6 
requires  a  detailed  network 
design  and  transition  plan. 

Take  time.  The  Defense 
Department  will  migrate  to 
IPv6  over  the  next  six  years. 
Most  companies  will  need 
three  or  four  years  to  enable 
IPv6  during  regular  upgrades. 

Test  Never  deploy  a  new  proto¬ 
col  on  your  backbone  network 
without  adequate  testing. 

Train  your  people.  One 

expense  associated  with  IPv6  is 
training  your  network  manage¬ 
ment  and  operations  staff. 

Appoint  an  IPv6  leader. 

Choose  someone  in  your  organi¬ 
zation  to  lead  deployment. 

v _ \ _ 2 _ _ J 

work  connects  more  than  80 
servers,  switches  and  nodes  in 
eight  states.  Moonv6  was  com¬ 
pleted  in  October  and  is  running 
IPv6  and  IPv4. 

“We  were  all  shocked”  at  how 
simple  it  was  to  deploy  Moonv6, 
Bound  says.  “It  went  way  easier 
than  we  thought.  But  the  trick  is 
ou  have  to  plan,  plan,  plan." 

More  significant  for  corporate 
'  vork  managers  is  the  idea  that 
'  1  will  require  few  additional 
;  beyond  regular  network  up- 
■s  ITiat’s  what  NTT  subsidiary 
discovered  as  it  developed 
L  .  commercial  IPv6  service 
1  US.,  which  it  announced 
■  '  .veek  at  the  summit. 

■  wasn’t  a  lot  of  cost  to 
‘■r  IPv6  service,"  says 


Cody  Christman,  director  of  prod¬ 
uct  engineering  for  Verio.  “IPv6 
has  been  on  our  road  map  since 
1997.  We’ve  always  kept  it  in  mind 
when  we  were  upgrading  our 
switches  and  routers.” 

Verio  has  priced  its  new  IPv6 
offerings  at  the  same  rates  as  its 
IPv4  services.  The  company  now 
offers  commercial  IPv6  service  at 
every  location  in  the  U.S.  where  it 
offers  Internet  access. 

“It’s  kind  of  a  myth  that  when 
people  deploy  IPv6  it’s  going  to 
require  an  enormous  capital 
expenditure,”  Christman  says.  “It 
definitely  wasn’t  the  case  at 
Verio.” 

The  IETF  finalized  the  main 
IPv6  specifications  in  1998. 
However,  IPv6  has  taken  the 
intervening  years  to  gain 
momentum  among  network 
vendors  and  ISPs. 

IPv6  deployment  is  easier  and 
costs  less  than  anticipated  be¬ 
cause  the  protocol  now  ships 
with  many  networking  prod¬ 
ucts.  All  the  major  router  manu¬ 
facturers  —  including  Cisco, 
Juniper,  Foundry  Networks  and 
Extreme  Networks  —  support 
IPv6.  Microsoft  supports  IPv6  in 
Windows  XP  and  IPv6  comes 
bundled  with  the  most  popular 
versions  of  Unix  and  Linux.  Key 
public  domain  software  pack¬ 
ages  such  as  the  Mozilla  Web 
browser,  Apache  Web  server 
and  Sendmail  e-mail  software 
also  support  IPv6. 

“All  the  network  infrastructure 
components  are  IPv6  enabled,” 
Bound  says.  “What  we’re  still 
missing  are  software  applica¬ 
tions.  We  need  the  major  busi¬ 
ness  applications  such  as 
Oracle,  PeopleSoft  and  SAP  to 
support  IPv6.”  These  applica¬ 
tions  are  coming,  as  evidenced 
by  Oracle  executives  unveiling 
their  IPv6  road  map  at  the  IPv6 
Summit  last  week. 

Industry  observers  now  expect 
corporations  to  upgrade  to  IPv6 
gradually  as  individual  depart¬ 
ments  need  newer  software  and 
hardware. IPv6  and  IPv4  will  coex¬ 
ist  for  many  years  because  most 
companies  replace  desktops, 
servers  and  network  gear  every 
few  years. 

“IPv6  deployment  will  be  inter¬ 
esting  because  it  will  not  happen 
overnight,”  says  Ben  Schultz,  man¬ 
aging  engineer  at  the  University 
of  New  Hampshire’s  Interoper¬ 
ability  Lab  in  Durham.  “Instead, 
there  are  going  to  be  small  exper¬ 
imental  pockets  within  compa¬ 
nies.  . .  .There’s  always  going  to  be 
some  legacy  router  that’s  a  pain 
to  upgrade  and  you’ll  have  to  tun¬ 
nel  around  it.” 


Early  adopters  say  that 
because  IPv6  comes  bundled 
with  network  hardware  and  soft¬ 
ware,  deployment  costs  are  low. 
Verio  found  its  IPv6  deployment 
costs  to  be  negligible  because 
the  protocol  comes  built  in  with 
the  latest  router  software.  Verio 
uses  routers  from  Cisco  and 
Juniper. 

“It  does  have  to  be  tested  like 
any  [Juniper  or  Cisco  software] 
rollout,”  Christman  says.  “We  also 
modified  our  provisioning  and 
automated  network  monitoring 
tools.  But  the  costs  are  not  signifi¬ 
cant  from  an  ISP  standpoint.” 

That’s  why  Verio  is  not  charging 
a  premium  for  its  IPv6  service. 
Corporate  network  managers  can 
purchase  an  IPv6  fractional  DS-3 
line  for  the  same  cost  as  an  IPv4 
fractional  DS-3,  he  says. 

Easy  to  deploy 

Early  adopters  of  IPv6  also  are 
finding  that  the  protocol  is  easier 
to  deploy  than  expected. 

The  high-speed  Abilene  net¬ 
work,  which  links  200  U.S.  univer¬ 
sities,  has  enabled  IPv6  on  half  of 
its  network  connectors.  About  40 
universities  use  the  new  protocol. 

“You  have  to  have  routers  capa¬ 
ble  of  doing  IPv6,”  says  Rick 
Summerhill,  associate  director  of 
backbone  network  infrastructure 
for  the  Internet2  consortium, 
which  operates  Abilene.  “All  we 
did  was  take  our  backbone  and 
add  IPv6  to  our  11  [Juniper] 
routers. ...  It  was  easy 

Summerhill  predicts  most  uni- 
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■  THIS  WEEK’S  QUESTION: 

Which  company  did  AT &T 
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William  Hannigan  from? 
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versities  that  use  Abilene  will  up¬ 
grade  to  IPv6  within  three  years. 
He  says  the  upgrade  to  IPv6  will 
not  be  that  expensive  because  it 
will  happen  as  part  of  a  “natural 
evolution”  of  university  networks. 

“Putting  IPv6  on  a  network 
backbone  is  relatively  simple. 
Even  regional-type  networks  are 
relatively  easy  Summerhill  says. 
“Closer  to  the  [network]  edges, 
the  routing  infrastructures  may 
not  be  IPv6-capable.That  may  be 
a  little  harder.  So  people  will 
evolve  to  it  over  three  or  four 
years.” 

The  positive  feedback  from 
early  adopters  of  IPv6  is  good 
news  for  the  Defense  Depart¬ 
ment,  which  has  committed  to  a 
complete  migration  to  IPv6  by 
2008.  The  Defense  Department’s 
CIO  John  Stenbit  has  mandated 
that  all  IT  purchases  after  Oct.  1, 
2003  be  IPv6-capable. 


The  Defense  Department  sup¬ 
ports  Moonv6,  which  links  the 
University  of  New  Hampshire’s  In¬ 
teroperability  Laboratory  with 
military  sites  in  Arizona,  Cali¬ 
fornia,  Illinois,  Maryland,  New 
Jersey,  South  Carolina  and 
Virginia.  Twenty-six  network  ven¬ 
dors  have  tested  their  hardware 
and  software  for  IPv6  compliance 
and  interoperability  on  the 
Moonv6  backbone. 

Maj.  Roswell  Dixon,  who  over¬ 
sees  IPv6  testing  for  the  Joint  In¬ 
teroperability  Test  Command  at 
Ft.  Huachuca  in  Arizona,  says 
about  90%  of  the  interoperability 
testing  on  Moonv6  has  been 
successful. 

Some  of  the  IETF’s  IPv6  specifi¬ 
cations  “left  a  little  room  for  inter¬ 
pretation,”  Dixon  says.  “We  need 
better  defined  [specifications] 
but  these  are  little  glitches  that 
can  be  fixed.  We  see  no  show- 
stoppers  with  IPv6.” 

Dixon  says  the  military  is 
migrating  to  IPv6  because  of  the 
mobility  and  security  benefits 
that  it  offers.  “We  need  IPv6  for 
network-centric  warfare,”  he 
says.B 

Get  more  information  online. 
DocFinder:  8953 
www.nwfusion.com 


Airespace  introduces 
access  point  with  a  twist 

■  BY  JOHN  COX 

A  new  wireless  LAN  access  point  from  Airespace  is  designed  to  use 
centralized  administration  services,  eliminating  the  need  to  go  to  the 
trouble  and  expense  of  deploying  WLAN  switches  at  remote  sites. 

The  company  also  has  released  Version  2.0  of  its  switch  operating 
system,  AirOS.  The  software  lets  Airespace  access  points  track  the 
location  of  other  WLAN  radios,  such  as  client  cards  and  unauthorized 
access  points. 

The  new  Airespace  1200R  Remote  Edge  Access  Fbint  plugs  into  a 
router,  gateway  or  cable  modem,  and  then  uses  a  modified  version  of 
the  proposed  Lightweight  Access  Point  Protocol  to  talk  to  an 
Airespace  4000  WLAN  switch. The  1200R  downloads  from  the  switch 
the  appropriate  configuration  settings,  security  and  authentication 
policies,  sets  itself  up  and  begins  running. 

Access  points  from  rival  switch  vendors  need  an  Ethernet  LAN  con¬ 
nection  to  hook  up  with  a  WLAN  switch.  Some  vendors  recently  have 
unveiled  streamlined,  less-expensive  switches  for  small,  remote  sites, 
but  these  products  still  typically  list  for  at  least  $l,000.The  1200R  costs 
$750  because  it’s  essentially  little  more  than  a  WLAN  radio  with  an  RJ- 
45  connection  to  a  remote  site’s  WAN  link. 

“It’s  a  phenomenal  idea,”  says  Jamie  McGann,  business  development 
executive  with  GTSI,  a  computer  services  company  focused  on  gov¬ 
ernment  accounts.  GTSI  resells  Airespace  products  and  has  deployed 
them  to  create  an  enterprise  WLAN  for  about  200  employees  at  its 
Chantilly  Va.,  headquarters.  “The  1200R  can  get  what  it  needs  for  its 
security  from  the  [4000]  switch.  It’s  more  like  a  remote  node  on  the 
enterprise  net  [than  a  conventional  stand-alone  access  point].” 

The  1200R  will  be  popular  in  government  accounts,  he  says,  because 
there  are  large  numbers  of  remote  field  offices,  branches, military, emer¬ 
gency  and  law  enforcement  uses  for  a  WLAN  access  point  that  can  be 
controlled  centrally  over  a  WAN.B 
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■  Expand  Networks  last  week  an¬ 
nounced  management  software  to 
keep  track  of  its  acceleration  gear 
and  produce  reports  about  WAN  per¬ 
formance.  Called  ExpandView,  the 
platform  monitors  performance  of 
point-to-point  links  and  of  applications 
running  over  those  links,  giving  net¬ 
work  administrators  a  tool  for  deter¬ 
mining  whether  the  performance  a 
connection  is  out  of  sync  with  similar 
connections.  Expand’s  Accelerator 
gear  is  sold  in  pairs  that  sit  at  either 
end  of  a  point-to-point  WAN  link  and 
compress  the  data,  thereby  increasing 
the  amount  of  data  per  second  that 
can  travel  across  the  wire.  It  also  can 
impose  quality-of-service  policies  on 
applications  to  prioritize  traffic  and 
conserve  bandwidth.  ExpandView  will 
be  available  in  January.  It  costs  $5,000 
for  a  server  that  can  support  up  to 
500  accelerators. 

■  Server  management  firm  Moon¬ 
light  Systems  has  rolled  out  the  lat¬ 
est  version  of  its  flagship  product,  pro¬ 
viding  full  support  for  Windows-only 
environments  for  the  f  irst  time. 
Moonlight  Version  5,  which  sup 
ports  multiple  platforms,  also  adds  a 
number  of  updated  features  that  let 
administrators  audit  servers  for  hot 
fixes,  patches  and  service  packs, 
automate  on-demand  provisioning  of 
applications,  and  deploy,  audit  and 
update  applications.  A  30-day  trial  ver¬ 
sion  is  available  at  www.moonlight. 
com/moonlight/download.jsp>.  Moon¬ 
light  Version  5  starts  at  $15,000  to 
manage  the  first  25  target  servers. 

■  Deem,  a  vendor  of  networked  stor¬ 
age  security  products,  announced  last 
week  two  products  designed  to  pro¬ 
tect  tape  storage.  Called  the  DataFort 
T520  and  the  FC520,  the  devices  sit 
between  the  server  and  the  tape 
library  or  attach  to  a  Fibre  Channel 
SAN  switch.  Once  connected  they 
encrypt,  authenticate  and  log  data 
saves  to  tape  back-up  environments. 
The  FC520  works  in  Fibre  Channel 
disk-based  or  tape  environments.  The 
FC520  costs  $35,000.  Pricing  for  the 
T520  is  not  available. 
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■  LAN/WAN  SWITCHES  AND  ROUTERS 

■  ACCESS  DEVICES  ■  SERVERS  ■  VPNS 

■  OPERATING  SYSTEMS  ■  NETWORKED  STORAGE 

■  VOIP  ■  WIRELESS  NETWORKS 


Nortel  lags  behind  1 0G  curve 


■  BY  PHIL  HOCHMUTH 

With  Cisco,  Enterasys  Networks,  Extreme 
Networks,  Foundry  Networks  and  Force  10 
Networks  having  introduced  switches  this 
year  that  provide  full-duplex  10G  Ether¬ 
net  throughput  —  and  switching  capaci¬ 
ties  in  the  T-bit/sec  —  Nortel  has  re¬ 
mained  quiet.  While  the  vendor  was 
among  those  leading  the  charge  toward 
10G  Ethernet  several  years  ago,  its  prod¬ 
uct  turnout  has  since  cooled. 

Although  Nortel  was  among  the  first  to 
talk  about  10G  Ethernet  as  early  as  2001,  it 
has  fallen  behind  in  the  10G  race.The  com¬ 
pany  currently  offers  single-port  and  dual¬ 
port  10G  Ethernet  modules  for  its  PassPort 
8600.  Competitors  such  as  Cisco,  Enterasys, 
Foundry  and  ForcelO  offer  blades  with 
four  10G  Ethernet  ports.  Extreme  last  week 
unveiled  a  six-port  10G  Ethernet  blade 
along  with  its  next-generation  switch  chas¬ 
sis  platform. 

According  to  Nortel,  next-generation  10 
Gigabit  is  on  the  way 

“Nortel  is  in  development  for  a  cost-effec¬ 


tive,  higher  density  lOGig  module  for  the 
PassPort  8000  platform,”  says  Tammy 
Coleman,  director  of  Ethernet  switching 
marketing  at  Nortel. 

While  not  getting  into  details,  she  says 
Nortel’s  plans  are  to  provide  an  “evolution 
of  the  PassPort  8000  series”  that  provides 
backwards-compatibility. 

“High-end  enterprise  switching  is  an 
area  the  PassPort  is  behind  in,”  says  Zeus 
Kerravala,  an  analyst  with  The  Yankee 
Group. 

“They’re  not  only  behind  in  product 
development,  but  also  in  mind  share,” 
Kerravala  says. “I  don’t  think  when  people 
are  thinking  of  next-generation  10-Gigabit 
Ethernet  that  Nortel’s  name  comes  up  all 
that  often,”  he  says.  “That  kind  of  business 
tends  to  go  to  the  Foundries  and  Extremes 
and  Cisco.” 

While  Nortel  might  be  behind  the  curve 
in  high-end  performance,  Kerravala  says  it 
has  such  a  wide  array  of  products  that  the 
company  still  remains  competitive  to 
users  looking  for  a  single-vendor  alterna¬ 
tive  to  Cisco. 


Nortel  has  such  breadth  in  its  product 
line  —  from  switches,  routers,  telephony, 
security  and  optical  —  “that  they  don’t 
have  to  be  first  to  market  to  win  deals," 
Kerravala  says.  “They  would  do  better  to 
sell  Nortel  switching  as  part  of  a  whole  in¬ 
frastructure  that  can  help  lower  the  cost  of 
IT,”  with  such  applications  as  IP  telephony, 
or  integrated  LAN/WAN  and  metropolitan 
Ethernet  networking,  he  adds. 

Nortel  is  lagging  in  the  high  end  because 
the  company  decided  to  focus  on  carrier 
sales  between  1999  and  2000. 

“They  just  didn’t  focus  much  on  their  en¬ 
terprise  data  portfolio  for  a  long  time,” 
Kerravala  says.“They  became  mostly  a  TDM 
voice  and  optical  companyAnd  it’s  hard  to 
blame  them  because  those  markets  were 
so  big  just  a  few  years  ago.” 

But  that’s  not  to  say  Nortel  has  been 
asleep  in  the  lab  in  terms  of  its  enterprise 
offerings. 

This  year,  Nortel  released  new  gear  in  the 
areas  of  high-speed  stackable  LAN  switch¬ 
ing  with  the  PassPort  5000  series,  and  new 

See  Nortel,  page  18 


Novell  access  controls  get  makeover 

■  BY  DENI  CONNOR 

NetWare  administrators  should  be 
pleased  that  Novell  will  extend  the  same 
access  controls  and  rights  they  use  in  Net¬ 
Ware  to  the  company’s  Nterprise  Linux 
Services,  whose  initial  implementation  is 
expected  to  ship  this  week. 

Access  controls  specify  which  users  or 
groups  within  an  organization  can  ac¬ 
cess  files  or  folders  and  what  they  can  do 
after  accessing  them.  When  access  con¬ 
trols  are  assigned  to  users  or  groups  of 
users  in  NetWare,  they  are  known  as 
trustee  rights,  permissions,  access  privi¬ 
leges  and  access  rights. 

Novell  says  it  will  release  Novell-style  file 
management/file  services  on  Linux  in  two 
releases  next  year.  This  release  includes 
access  rights  and  privileges,  trustee  rights 
and  permissions. 

“In  the  early  release  we  plan  to  make  a  lot 
of  the  management  capabilities,  including 
the  access  control  lists  and  some  of  the 
management  tools  available  on  existing 
Linux  file  systems,  such  as  ReiserFS  and 
ext3,”  says  Ed  Anderson,  vice  president  of 
See  Novell,  page  18 


Access  granted 


Novell  this  week  will  release  file  management/file  services  for  its  Linux 
implementation  that  specify  which  users  or  groups  within  an 
organization  can  access  files  or  folders  and  what  they  can  do  after 
accessing  them. 

Terry,  a  member  of  the  sales  group,  creates  a  document  called  Forecast.doc — 


Sales  group 


Marketing  group  Sales  group 


Marketing  group 


as  ea 

Fred  Supervisor 


as 


Administration  Accounting 

...  In  NetWare  he  can  let  Sam  read  the 
document  and  have  a  supervisor  change  it 
without  letting  Jerry  or  Fred  see  it. 


...  In  Linux,  the  only  way  the  Forecast.doc  can 
be  seen  by  the  Marketing  group  is  to  give  access 
rights  to  "other,"  which  means  that  Fred,  Jerry 
or  any  other  users  have  access  to  the  document 
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This  week  in  one  of  my  Netware  news¬ 
letters  from  Network  World  Fusion 
(www.nwfusion.com,  DocFinder: 
8937),  I  lament  the  announcement  from 
Novell  that  NetWare  4  has  reached  the  end 
of  the  line.  Many  people,  though,  might  pre¬ 
fer  to  see  NetWare  4  continue  while  Version 
5  gets  retired  —  just  as  some  would  prefer 
the  Windows  NT  4  be  preserved  and 
Windows  2000  be  rolled  out  to  pasture.  But 
software  vendors  don’t  see  the  strength  of 
those  arguments. 

As  far  as  they’re  concerned,  when  you 
introduce  a  new  version  of  the  operating 
system,  its  time  to  get  rid  of  the  oldest  ver¬ 
sion  still  shipping  —  even  if  it  offers 


www.nwfusion.com 


Operating  system  humor:  No  funny  business 


advantages  (such  as  the  applications  it 
supports)  that  interim  versions  don’t. 
When  I  opened  the  newspaper  this  morn¬ 
ing,  the  answer  to  this  dilemma  was  right 
there  on  the  comics  page. 

No,  not  the  latest  Dilbert  story  line  (al¬ 
though  it’s  as  good  as  ever),  but  the  annual 
poll  that  my  local  paper  (the  San  Jose 
Mercury  News )  conducts  on  the  comics. 
There  are  more  comic  strips  available  than 
can  fit  in  the  typical  daily  paper,  so  pub¬ 
lishers  try  to  maximize  the  potential  draw 
by  periodically  removing  one  or  two  that 
have  grown  stale  and  replacing  them  with 
something  new  and  exciting  (at  least,  that’s 
how  they  describe  it). 

All  last  week  “the  Merc”  offered  a  ballot 
to  let  you  could  vote  for  the  six  comics 
you  thought  best  and  the  six  you  could 
most  live  without.  While  the  editors  say 
that  popularity  alone  won’t  be  decide 


which  should  stay  and  which  should  go, 
I’d  imagine  that  if  more  than  50%  of  the 
respondents  suggested  that  the  time  had 
come  for  little  Billy  and  the  rest  of  Family 
Circus  to  get  on  with  their  lives  that  the 
editors  might  agree. 

So  maybe  Network  World  should  run  a 
list  of  server  and  desktop  operating  sys¬ 
tems  each  year.  We  could  indicate  which 
we  wanted  to  keep  around  (NT  4  and  Net¬ 
Ware  3,  for  example)  while  also  voting  for 
which  to  discontinue  (Windows  ME 
should  “win”  handily).  While  the  poll 
wouldn’t  directly  decide  which  contin¬ 
ued  to  be  offered  and  which  withdrawn, 
it  could  be  used  to  put  pressure  on  the 
vendors  to  consider  users’  thoughts  when 
making  operating  system  decisions.  This 
might  not  solve  all  of  our  operating  sys¬ 
tem  problems  —  but  it  couldn’t  hurt. 


Kearns ,  a  former  network  administrator, 
is  a  freelance  writer  and  consultant  in 
Silicon  Valley.  He  can  be  reached  at 
wired@vquill.  com. 


Tip  of  the  Week 


Thestreetcom  covers  finan¬ 
cial  news  about  publicly 
traded  companies,  and  rec¬ 
ently  its  columnist  Ronna 
Abramson  poked  under  the 
covers  of  some  Linux  ven¬ 
dors.  The  resulting  story, 
“Linux  Reality  Doesn't  Match 
Hype”  (DocFinder:  8938),  is 
fascinating  reading. 


Nortel 
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chassis  products  aimed  at  offering  compa¬ 
nies  features  for  supporting  IP  telephony 
and  integrated  security,  such  as  the  Pass- 
Fbrt  8300  with  integrated  FbE.The  company 
also  jumped  into  the  wireless  LAN  switch 
market  with  the  launch  of  the  Security 
Switch  2250. 

According  to  Synergy  Research  Group, 
in  the  second  quarter  of  2003  Nortel  was 
in  third  place,  behind  HP  and  market 
leader  Cisco,  in  the  market  for  Layer  3 
modular  ports  —  a  primary  backbone 
application  for  the  PassPort  8600. 

The  company  also  was  a  close  second  to 
Cisco  in  the  Layer  4  to  Layer  7  switching 
market,  with  19%  of  port  shipments,  com¬ 
pared  with  Cisco’s  38%.  In  10G  Ethernet, 
Nortel  fell  to  fourth  place,  behind  Cisco, 
Foundry  and  Extreme. 

One  Nortel  user  says  the  PassPort  and 
BayStack  lines  provide  more  than  enough 
bandwidth  and  features. 

“They’re  already  right  there  in  terms  of 
our  network  needs,”  says  Bruce  Meyer, 
director  of  network  services  for  Pro- 
Medica  Healthcare  in  Toledo,  Ohio. 


ProMedica  uses  PassPort  8600s  in  the 
core  of  its  LAN  in  its  four  hospitals,  with 
Nortel  BayStack  switches  at  the  edges. 
It  also  uses  10/100M  bit/sec  and  Gigabit 
BayStack  switches  in  its  wiring  closets 
to  support  office  servers,  such  as  e-mail, 
file  and  print,  and  medical  imaging 
applications. 

“There  is  a  lot  of  redundancy  built  into 
[Nortel]  switches,  which  I  like,”  Meyer  says. 

One  feature  Meyer  uses  is  the  ability  to 
have  sub-second  failover  of  Layer  2 
switching  on  a  PassPort  8600  management 
module.  Another  Nortel  technology  he 
uses  is  called  Split  Multilink  Trunking, 
which  lets  Layer  2  Nortel  boxes  be  hooked 
together  with  multiple,  redundant  links. 
This  lets  switches  route  around  down  links 
faster  than  the  Layer  2  Spanning  Tree 
Protocol. 

Meyer  says  traffic-shaping  capabilities  is 
another  area  he’s  looking  into  with 
Nortel’s  Alteon-based  Layer  4  to  Layer  7 
switch  modules  available  for  the  PassPort 
8600.  He  says  this  could  be  implemented 
as  the  hospital  moves  off  a  mainframe- 
based  records  management  system. 

“We  would  implement  application 
acceleration  on  the  PassPort  [8600s]”  to 


support  the  new  patient  records  system, 
he  adds,  which  will  be  based  on  IP 
with  Citrix  Windows-based  terminal 
infrastructure. 


Novell 
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product  management  for  Novell. 

“Later  in  2004,  we  are  planning  on  releas¬ 
ing  full  file  and  print  services  for  Linux,” 
Anderson  says.  “In  the  second  release,  we 
plan  to  have  the  Novell  File  System  running 
on  Linux’s  Network  File  System.” 

In  NetWare,  access  rights  for  files  and 
folders  are  classed  by  the  permission  they 
involve — Access  Control,  Create,  Erase,  File 
Scan,  Modify,  Read,  Supervisory  and  Write. 
Users  can  be  assigned  to  groups,  and  with¬ 
in  groups  users  can  have  different  rights.  In 
Linux,  there  are  only  three  access  rights  — 
Read,  Write  and  Execute  —  which,  by  con¬ 
trast,  are  less  detailed  and  flexible  and 
don’t  let  IT  administrators  create  as  secure 
file  access. 

IT  managers  say  that  having  the  same  ac¬ 
cess  control  features  they  have  in  NetWare 
is  critical  to  Linux. 

“There  are  two  reasons  —  the  first  rea¬ 
son  is  because  we’ve  come  to  know  and 
love  them,” says  Scott  Hutchinson,  network 
administrator  for  the  Sheriff’s  Information 
Systems  Costa  County  in  Martinez,  Calif. 

“More  importantly,  if  you  don’t  have  secu¬ 
rity  that’s  controllable  to  the  level  of  Net¬ 
Ware,  a  lot  of  the  power  and  control  [over 
file  and  directory  access]  is  gone,”  he  adds. 
Hutchinson  has  12  NetWare  4  and  5 
servers. 

Hutchinson  says  with  NetWare  he  can 
assign  users  to  specific  groups  for  specific 
purposes. 

“We  can  have  users  in  multiple  groups  or 
have  users  in  two  groups  that  have  rights  to 
the  same  folder  because  they  are  in  the 
groups  for  different  reasons,”  he  says. 

For  instance,  managers  need  access  to 
more  information  than  typical  users.  If 


The  fact  that  Nortel  doesn’t  offer  the  lat¬ 
est  10G  Ethernet  is  not  a  concern.  “We 
don’t  have  the  need,  or  the  budget  for  that 
yet,”  Meyer  says.  ■ 


there  is  a  group  called  Marketing,  which 
contains  marketing  managers  and  em¬ 
ployees,  the  managers  might  be  able  to 
see  a  payroll  file  in  a  folder,  while  the 
other  users  wouldn’t. 

“In  Linux,  each  user  can  belong  to  multi¬ 
ple  groups,  but  you  can  only  assign  the 
ownership  of  a  folder  to  one  user  and  to 
one  group,”  Hutchinson  says. 

“Another  example  is  our  database  admin¬ 
istrators  [DBA],  who  manage  several  data¬ 
bases  throughout  the  organization.  Each 
group  individually  only  has  rights  to  their 
own  database,  but  the  DBAs  need  to  have 
rights  to  all  the  databases,”  he  says. 

“Rather  than  adding  that  user  to  all  of  the 
groups,  we  just  create  a  group  called  DBA 
in  NetWare,  and  the  DBA  group  has  rights 
to  those  databases,”  Hutchinson  says.  “You 
can't  do  that  in  LinuxT 

Anderson  says  this  is  not  the  first  time 
Novell  has  tackled  the  problem  of  rights 
assignment.  With  its  NetWare  for  Unix  pro¬ 
duct  introduced  in  1989,  Novell  mapped 
NetWare  file  services  on  top  of  Unix, 
whose  access  rights  correspond  to  Linux. 

In  the  second  half  of  2004,  Novell  will 
again  revise  Nterprise  Linux  Services  by 
adding  support  for  Novell’s  NetWare  Core 
Protocol  (NCP).  NetWare  file  servers  use 
NCP  to  process  workstation  requests  and 
handle  file  and  directory  access. 

The  other  task  customers  will  be  able  to 
perform  with  this  release  is  to  bring  up  a 
Linux  server  and  mount  a  newer  Novell 
Storage  Services  (NSS)  or  NCP  volume  on 
it,  so  existing  file  volumes  can  run  on 
Linux.  NSS  was  introduced  with  NetWare 
5  in  1998. 

“Rather  than  having  to  migrate  all  your 
data  across  the  wire,  you  could  simply 
move  the  volumes  from  one  server  to 
another,”  Hutchinson  says.  ■ 


10G  competition 

Nortel’s  competitors  in  the  10G  Ethernet  switch  market  have  been  active 
over  the  past  18  months. 


Date 

Company 

Product/features 

September 

2002 

ForcelO 

E1200  provides  1.2T  bit/sec  backplane  and  40G  bit/sec 
per  slot. 

March 

2003 

Cisco 

Catalyst  6500  with  720  Supervisory  Module  provides 
720G  bit/sec  switch  fabric  and  up  to  40G  bit/sec  per  slot 

April 

2003 

Enterasys 

Matrix  N  Series  provides  IT  bit/sec  backplane  and 
40G  bit/sec  per  slot. 

Foundry 

Biglron  MG8  provides  1.2T  bit/sec  backplane  and  40G 
bit/sec  per  slot 

December 

2003 

Extreme 

BlackDiamond  10K  provides  1.6T  bit/sec  switch  capacity 
and  40G  bit/sec  per  slot 

THOSE  STILL  USING 
SERVERS  FOR  STORAGE 
MAY  FIND  THIS  TECHNOLOGY 


EQUALLY  EXCITING. 
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“Silent  Spin”  dial 


Multi-Line  capacity 
(up  to  six  lines  +  intercom!) 


Available  in  three  designer  hues 
including  onyx  black 


Two  ring  tones  and 
three  volume  settings 


But  those  who  are  ready  to  separate  storage  from  servers  will  find  this  even  more  thrilling:  The  EMC 
CLARiiON  CX  series  now  starts  at  just  $9,995.  That’s  right.  You  can  consolidate  all  your  information, 
protect  it  better,  and  manage  it  far  more  efficiently  at  a  surprisingly  retro  price.  Advanced  EMC  stor¬ 
age  for  faster,  more  secure  backup  has  never  been  so  affordable.  Quick,  pick  up  the  phone. 


For  up-to-the-second  details  on  CLARiiON  CX,  dial  us  toll  free  on  your  telephone  at  1-866-464-7381. 

or  go  to  www.EMC.com/growthcompanies. 


CLARiiON  CX  Series 
starts  at  $9,995 


authorized  EMC  Velocity  Partner 
EMC.com/velocity 


,  and  where  information  lives  are  registered  trademarks  of  EMC  Corporation.  ©2003  EMC  Corp- '  ■'  reserved 
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It  ain’t  braggin’ 
if  you  can  do  it 
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Finally,  a  company  that  talks  big  and 
works  bigger.  A  company  that  talks  ROI 
and  actually  delivers.  A  company  that 
provides  real  business  value  you  can 
measure.  A  network  solutions  and 
services  provider  called  NextiraOne. 


At  NextiraOne,  we  bring  clarity  to  your 
complex  communications  networks. 
Planning,  designing,  implementing, 
supporting  and  managing.  For  voice, 
data  and  converged  infrastructures. 

In  the  United  States  or  around  the 
world.  You  name  it,  we  do  it  -  with 


world-class  results. 


www.NextiraOne.com  (888)  888-1055 
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■  PORTALS  ■  MESSAGING/GROUPWARE 

■  E-COMMERCE  ■  SECURITY 

■  MIDDLEWARE  ■  DIRECTORIES 

■  NETWORK  AND  SYSTEMS  MANAGEMENT 

■  WEB  SERVICES 


■  Brightmail  last  week  released  a 
new  version  of  its  enterprise  anti¬ 
spam  software  with  updated  spam 
detectors  and  new  administrator  and 
end-user  tools.  Brightmail  Anti- 
Spam  Version  5.5  can  detect  spam 
sent  with  embedded  deceptive  URLs 

—  those  that  bring  users  to  an  unex¬ 
pected  destination,  such  as  www. 
whitehouse.com.  which  features  adult 
content.  The  upgrade  also  includes  a 
new  version  of  Brightmail's  Open 
Proxy  List,  the  company's  blacklist  of 
spammer  e-mail  addresses  that  is  up¬ 
dated  in  real  time.  New  administrator 
tools  include  a  “suspected  spam"  cat¬ 
egory  and  more-detailed  reports  with 
spam  statistics.  Brightmail  also  has 
updated  its  Microsoft  Outlook  and 
Lotus  Notes  plug-ins  with  this  version, 
giving  end  users  more  control  over 
how  their  spam  is  managed.  The  up¬ 
grade  is  priced  at  $1,500  per  year  for 
49  users;  volume  discounts  apply. 

■  The  Anti-Phishing  Working 
Group,  spearheaded  by  Tumbleweed 
Communications,  has  launched  a  Web 
site  to  inform  the  public  about  e-mail 
spoofing  and  identity  fraud.  The  site, 
www.anti-phishing.org/apwg.htm,  in¬ 
cludes  news,  archives  and  general 
information  about  phishing  —  sending 
e-mail  that  appears  to  be  from  a  retail 
establishment  to  commit  identity  theft 

—  and  links  to  law  enforcement  re¬ 
sources,  the  group  says.  There’s  also  a 
link  to  report  a  phishing  attack  to  the 
working  group. 

■  SeCurityProfiling  has  announced 
a  policy-enforcement  software 
add-on  for  its  SysUpdate  Patch- 
Management  and  Vulnerability  Re¬ 
mediation  software  so  that  adminis¬ 
trators  can  choose  from  security- 
policy  templates  recommended  by  the 
National  Security  Agency,  SANS  In¬ 
stitute,  the  U.S.  Navy  or  ISO  17799. 
Customers  also  can  choose  to  build 
their  own  policy  sets.  Available  for 
Windows,  Solaris  and  Linux,  Sysdate 
with  the  Policy  Compliance  and  En¬ 
forcement  add-on  costs  about  $33  for 
10,000  machines.  Prices  depend  on 
volume. 


Vendors  bulk  up  patch  mgmt 


■  BY  JOHN  FONTANA 

Patch  management  vendors  BigFix  and 
LanDesk  are  upgrading  their  software  to 
meet  corporate  demand  for  more-compre¬ 
hensive  tools  that  go  beyond  the  discovery 
and  installation  of  new  patches. 

This  week  BigFix  will  release  Version  4.0 
of  its  Patch  Manager,  which  allows  for  mon¬ 
itoring  of  75,000  nodes  from  a  single  server 
and  automates  problem  resolution.  BigFix 
is  expanding  the  software  to  include  con¬ 
figuration  management,  which  will  flag  sys¬ 
tems  without  the  latest  patches  and  pro¬ 
vide  an  inventory  of  nodes  on  the  network 
and  the  software  they  are  running. 

LanDesk,  whose  Management  Suite  8.0 
has  similar  capabilities,  last  week  added  a 
new  module  also  called  Patch  Manager. 
Both  vendors  offer  support  for  Windows, 
Linux  and  Unix. 

Companies  such  as  Altiris,  Configure- 
Soft,  Ecora,  Loudcloud,  Microsoft,  Patch- 
Link  and  Shavlik  Technologies  develop 
similar  patch  management  tools  and  are 
broadening  their  focus  to  combat  other 
security  vulnerabilities  such  as  poor  sys¬ 
tem  configuration. 

Corporate  users  are  beginning  to  realize 
that  patch  management  is  not  a  single  task 
but  a  process  that  includes  a  detailed  in¬ 
ventory,  change  management,  configura¬ 
tion  management,  asset  management,  and 
maintenance  and  communications  plans. 

“You  need  a  process  to  evaluate  patches 
and  how  they  affect  your  corporate  net¬ 
work,”  says  Andy  Nosal,  supervisor  of  tech¬ 
nical  services  and  LanDesk  operations  for 
financial  firm  Raymond  James  Financial  in 
St.  Petersburg,  Fla.  He  says  patching  mistakes 
could  cripple  desktops  and  put  his  firm  out 
of  business. “We  don’t  like  to  do  a  fire  drill 
when  a  new  patch  is  released,”  he  says. 

The  company,  which  has  established  a 
patch  SWAT  team,  runs  Management  Suite 
to  provide  inventory  and  is  evaluating  the 
addition  of  Patch  Manager. 

LanDesk’s  Patch  Manager  features  a  vul¬ 
nerability  scanner  that  recognizes  nodes 
on  the  network  that  need  a  new  patch.The 
module  validates  new  patches  and  checks 
for  conflicts  or  dependencies.The  software 
includes  a  synchronization  feature  that 
checks  with  patch  sites,  such  as  Windows 
Update,  to  find  new  patches. 

The  software  also  has  an  application  pol¬ 
icy  manager  to  assure  that  groups  of  com¬ 
puters  are  configured  identically  and  in¬ 
cludes  a  mechanism  called  Peer  Down¬ 
load,  which  makes  it  more  efficient  to  dis- 


Big  holes 

Over  the  past  three  years, 
there  have  been  nearly 
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security  vulnerabilities 
reported  to  the  Computer 
Security  Division  at  the 
National  Institute  of 
Standards  and  Technology. 
They  can  be  searched  in 
the  ICAT  metabase  at 
icat.nist.gov. 


tribute  patches  over  the  network. 

LanDesk’s  Management  Suite  is  priced  at 
$89  per  user,  and  the  Patch  Management 
module  is  an  additional  $12. 

BigFix’s  software,  also  called  Patch 
Manager,  is  part  of  the  BigFix  Enterprise 
Suite  (BES),  which  includes  a  server  and 
a  host  of  agents  that  detect  and  install 


needed  patches. 

In  Version  4.0,  BigFix  has  boosted  the 
number  of  supported  nodes  from  15,000 
to  75,000  on  a  single  BES  Server,  which 
runs  on  Windows  2000  or  2003. 

“Now  we  can  support  deployments  to  an 
entire  global  organization,”  says  Greg  Poto, 
vice  president  of  product  management  for 
BigFix.  Also  new  is  a  feature  called  custom 
actions,  which  lets  administrators  make 
configuration  changes  or  fix  problems  on 
the  fly  on  a  single  computer  or  across  a  set 
of  computers,  including  desktops,  laptops 
and  servers.  A  new  dashboard  provides  a 
vulnerability  status  report  through  either  a 
desktop  or  Web-based  interface,  and  a  real¬ 
time  progress  report  shows  how  a  fix  is  pro¬ 
gressing  across  a  network. 

BigFix  also  has  made  improvements  to 
performance  with  new  caching  and  re¬ 
porting  features,  and  added  a  new  user  in¬ 
terface  to  ease  administration  of  large  de¬ 
ployments,  delegate  management  over  a 
number  of  administrators,  and  organize 
and  store  patches. 

Patch  Manager  4.0  is  priced  at  $2 1 .50  per 
Windows  computer  and  $58  for  Linux  and 
Unix  machines.  ■ 


Tools  help  users  assess 
application  performance 


■  BY  DENISE  DUBIE 

A  couple  of  vendors  are  set  to  air  prod¬ 
ucts  this  week  designed  to  give  companies 
a  better  read  on  application  performance 
by  aggregating  network  and  system  man¬ 
agement  data. 


More  online! 

Which  technologies  best  improve  net  performance? 
Which  breakthroughs  in  caching  and  compression  free 
WAN  capacity?  Find  out  at  Network  World’s  Technology 
Tour,  Network  Management:  The  New  Business  Focus. 

DocFinder:  8932 


NetQoS  improved  its  ReporterAnalyzer 
application  management  appliance  — 
which  collects  NetFlow  routing  data 
from  Cisco  routers  —  to  gather,  correlate 
and  deliver  analysis  on  that  data  across 
enterprise  networks.  The  previous  ver¬ 
sion  collected  data  on  a  per-router  basis; 
now  it  correlates  data  collected  from 
multiple  routers. 

“NetFlow  collections  can  provide  deep 
visibility  into  application  behavior,”  says 
Glenn  O’Donnell,  research  director  at 
Meta  Group. 

NetQoS  uses  a  data  collector  that  sits 
near  core  network  routers,  a  data  inter¬ 
preter  that  is  connected  to  a  hub  router 
and  server  reporting  software.  The  collec¬ 
tors  passively  monitor  NetFlow  traffic,  com¬ 
press  the  data  and  send  it  to  the  inter¬ 
preter,  which  analyzes  the  information. 
The  interpreter  then  sends  the  data  to  the 
server,  from  which  network  administrators 
See  Applications,  page  24 
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CIO  Ron  Danielson’s  Triple  Play  of  Bandwidth  Savings,  Increased  Server  Capacity  and  Extended  Life  Cycle 


THE  IDEA 


was  to  provide  more  widespread  access  to  business-critical 
enterprise  applications  without  increasing  the  administrative 
burden  on  the  IT  department.  Before  that  goal  would  be  realized,  however, 
Santa  Clara  University  (SCU)  got  a  lesson  in  what  can  go  wrong  with  Web- 
based  applications  and,  more  importantly,  how  to  remedy  the  problems. 


In  July  of  2002,  SCU  made  the  move  to 
PeopleSoft  8,  the  Web-enabled  version  of  the 
popular  application  suite.  The  school  uses 
PeopleSoft  to  support  human  resources,  financial 
and  student  administration  applications,  including 
admissions,  financial  aid  and  course  registration 
programs,  says  Ron  Danielson,  chief  information 
officer  for  SCU,  an  8,000-student  university  in 
Santa  Clara,  Calif. 

“As  much  as  we  possibly  can,  it’s  our  intention 
to  push  access  to  administrative  information  out 
to  students,  faculty  and  staff,”  Danielson  says.  With 
the  previous  version  of  PeopleSoft,  that  was  a  chal¬ 
lenge  because  it  required  client  software  on  each 
user’s  desktop.  “With  the  Web  front  end,  anybody 
with  a  browser  can  come  in  and  get  access.” 

Access  they  did,  so  much  so  that  the  university’s 
application  servers  were  overloaded  and  perform¬ 
ance  was  much  slower  than  with  the  previous 
version.  “We  were  one  of  the  first  half-dozen 


universities  in  the  country  to  upgrade  to 
PeopleSoft’s  new  Web-based  product,  and  we 
thought  we’d  spec’d  out  our  network  and  equip¬ 
ment  adequately  to  meet  our  performance 
needs,”  he  says.  “But  we  weren’t  even  close.” 


SCU’S  REDLINE  BENEFITS 
AT  A  GLANCE: 


■  Bandwidth  reduction:  E|X  3250  reduces 
bandwidth  requirements  by  up  to  10M  btt/sec, 
saving  SCO  at  least  $48,000  per  year. 

■  Increases  server  capacity:  Offloads  connection 
management,  1/0  and  SSL  processing, 
essentially  cutting  server  loads  in  half. 

■  Reduces  number  of  network  components: 
Reduces  the  amount  of  data  traffic,  enabling 
network  components  such  as  firewalls  to 
handle  more  load. 


IN  SEARCH  OF  A  FIX 

Initially,  Danielson  and  his  staff  tried  throwing 
more  hardware  and  software  at  the  problem. To  an 
initial  configuration  of  one  Web  server  and  one 
application  server,  they  added  three  more  Web 
servers  and  one  new  application  server.  They  also 
brought  in  performance  management  and  soft¬ 
ware  tuning  tools,  and  changed  some  PeopleSoft 
parameters  related  to  processing  input  from  users. 

“This  brought  performance  to  an  ‘acceptable’ 
level,”  Danielson  says.  “But  now  we  had  six  servers 
instead  of  two,  and  we  were  still  spending  a  lot 
more  time  on  the  problem  than  we  would  have 
liked.” 

In  the  fall  of  2002,  the  university  learned  about 
Redline  Networks  of  Campbell,  Calif.  Redline 
makes  a  family  of  appliances  designed  to  improve 
Web-based  application  performance  by  offloading 
from  the  server  I/O  processing  and  connection 
management  chores,  while  compressing  content 
to  conserve  bandwidth. The  appliances  also  handle 
Secure  Sockets  Layer  (SSL)  processing,  thus 
serving  to  improve  security. 

LESS  BANDWIDTH, 

MORE  PERFORMANCE 

In  November,  SCU  installed  one  ot  Redline’s 
E  |  X  3250  appliances  and  saw  an  immediate. 
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dramatic  improvement.  Bandwidth  usage  associated 
with  the  PeopleSoft  applications  plummeted  by 
70%,  thanks  to  the  compression  features  inherent 
in  the  E  |  X  3250.  At  the  same  time,  because 
the  E  |  X  3250  handled  connection  management 
chores  and  I/O  processing,  server  capacity 
effectively  doubled. 

The  magnitude  of  server  capacity  and  perform¬ 
ance  improvements  hit  home  when  one  of  the 
university’s  servers  went  down  for  more  than  a 
week.  “We  didn’t  even  notice  a  change  in 
performance,”  Danielson  says.  “That  tells  us  how 
much  headroom  the  Redline  box  has  given  us 
with  our  PeopleSoft  applications.” 

Like  the  rest  of  Redline’s  enterprise  applica¬ 


tion  processors,  the  E  |  X  3250  sits  in  front  of 
servers  and  receives  requests  from  hundreds  or 
thousands  of  client  browsers.  It  processes  the 
thousands  of  relatively  slow  requests  as  they 
come  in  from  users  and  shuttles  them  to  the 
appropriate  servers  at  high  speed  over  just  a  few 
dozen  persistent  TCP  connections. 

“As  far  as  the  Web  servers  are  concerned, 
they  have  a  single  connection,  which  is  to  the 
Redline  box,”  Danielson  says.  The  servers  no 
longer  have  to  perform  complex  scheduling 
of  requests  arriving  randomly  over  a  large 
number  of  connections.  Instead,  they  service 
each  response  as  it  arrives  and  send  information 
back  to  the  enterprise  application  processor, 
which  delivers  pages  to  the  client  browser  at 
whatever  speed  the  browser  can  efficiently 
handle. 

The  E  |  X  3250  worked  so  well  for  SCU’s 
PeopleSoft  implementation  that  the  university 
soon  installed  an  additional  unit  to  improve  the 
performance  of  Novell  GroupWise  servers  that 
provide  Web-based  e-mail  access.  Here  the  E  |  X 
3250  sits  in  front  of  four  servers,  performing 
load  balancing,  connection  management  and 
compression.  For  its  GroupWise  application,  the 
university  also  takes  advantage  of  the  E  |  X  3250’s 
SSL  offload  capability,  which  obviates  the  need 
for  the  servers  to  maintain  large  amounts  of  user 


data,  including  client  certificate  infor¬ 
mation.  It  also  ensures  that  end  users 
have  no  direct  access  to  the  application 
servers  and  the  often-sensitive  infor¬ 
mation  they  contain. 

Results  from  the  GroupWise 
implementation  have  been  similar 
to  those  for  PeopleSoft:  bandwidth 
consumption  on  the  university’s  WAN 
links  has  been  cut  in  half  and  response 
time  has  improved. 

SAVINGS,  SAVINGS, 
SAVINGS 

The  bottom  line,  Danielson  says,  is 
that  the  Redline  appliances  enable 
SCU  to  realize  savings  in  three  areas: 
bandwidth  reduction,  increased  server 
capacity  and  extended  life  cycle  of 
other  network  components. 
Bandwidth  savings  come  from  the 
compression  features  of  the  appliance,  which  are 
browser-aware  to  adaptively  compress  content 
for  each  requesting  user  and  never  require 
specialized  client  software.  The  features  save  6M 
to  10M  bit/sec  of  bandwidth,  which  Danielson 
says  would  cost  the  university  an  additional 
$4,000  to  $5,000  per  month. 

In  terms  of  server  capacity,  Danielson  figures 
he  could  remove  two  of  the  four  servers 
supporting  his  PeopleSoft  implementation 
without  suffering  a  performance  hit,  although 
he  has  opted  to  leave  the  installation  as-is  to 
allow  for  anticipated  growth  in  the  number  of 
applications  and  users.  Similarly,  on  the  e-mail 
side,  “We  probably  won’t  have  to  grow  that 
server  farm  dramatically  to  handle  additional 
load,”  he  says. 

Just  as  the  Redline  appliances  enable  him  to 
get  more  life  out  of  his  servers,  they  do  the  same 
for  network  components  such  as  firewalls. 
“With  the  Redline  box  reducing  bandwidth 
usage,  there’s  less  for  the  firewalls  to  examine,”  so 
a  single  firewall  can  effectively  handle  more 
load. 

In  coming  months,  SCU  will  be  adding  to  its 
Redline  implementation  another  server  group 
that  supports  university  financial  applications. 

To  sum  up,  Danielson  says,  “This  box  delivers 
on  all  its  claims.” 


LEARN  MORE  ABOUT  REDLINE  NETWORKS  ONLINE 
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Hear  Ron  Danielson  tell  his  story  in  an  on-demand  webcast. 

Visit:  http://www.itworld.com/redline 

Download  the  white  paper, 

“The  New  Data  Center:  Toward  a  Consolidated  Platform.” 

Visit:  http://www.redlinenetworks.eom/p/whitepaperrequest 
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)  is  the  season  to  be  shopping  (and 
I  shopping  and  shopping).  More  rele- 
I  vant  to  the  scope  of  this  column  is 
the  data  point  that  more  of  this  shopping  is 
being  done  online.  1  expect  that  even  more 
would  be  if  some  online  retailers  were  not 
quite  so  greedy. 

Depending  on  whose  guessing  you  want 
to  believe, online  holiday-related  sales  will 
be  26%  to  42%  greater  than  last  year.  If 
these  predictions  turn  out  to  be  accurate, 
online  holiday  sales  will  total  as  much  as 
$17  billion;  this  is  still  a  rather  small  part  of 
overall  holiday  sales  in  the  U.S.The  high¬ 
est  estimate  I’ve  seen  in  the  press  is  that 
online  sales  will  amount  to  only  7.7%  of 
overall  sales. 

One  estimate  1  saw  projected  that  online 
holiday  sales  would  exceed  catalogue  hol¬ 
iday  sales  in  the  next  year  or  two.  A  nice 
rate  of  growth  but  not  one  I  would  expect 
to  continue  for  all  that  long  —  too  many 
people  (not  including  me)  seem  to  find 


Oracle  patches 

■  BY  ROBERT  MCMILLAN 

Oracle  has  issued  a  security  alert  and 
software  patches  for  a  set  of  serious  vulner¬ 
abilities  in  the  security  protocols  some  of 
its  server  products  use. 

The  flaws  affect  certain  versions  of  Or¬ 
acle’s  8i  and  9i  Database  Server,  Oracle  9i 
Application  Server  and  Versions  8  and  9 
of  the  Oracle  HTTP  Server,  according  to 
the  alert. 

Any  client  that  can  access  an  affected 
Oracle  server  could  exploit  the  vulnerabili¬ 
ties,  according  to  the  alert,  which  charac¬ 
terizes  users’  risk  of  exposure  from  the  vul¬ 
nerability  as  “high.”  Oracle  “strongly  recom¬ 
mends"  that  users  apply  patches  for  these 
vulnerabilities  and  says  there  were  no  alter¬ 
nate  workarounds  to  correct  the  issues. 

The  flaws  exploit  the  Abstract  Syntax  No¬ 
tation  1  (ASN.l)  syntax  notation, which  the 
Secure  Sockets  Layer  (SSL)  and  Transport 
Layer  Security  (TLS)  protocols  use,  which 
are  used  widely  for  exchanging  data 
securely  on  the  Internet. 

“A  lot  of  the  problems  have  to  do  with  the 
way  that  ASN.  1  handles  purposefully  badly 
constructed  data’’  says  Art  Manion  an  In¬ 
ternet  security  analyst  with  Carnegie 
Mellon’s  CERT  Coordination  Center. 

By  submitting  data  that  was  “purposefully 
badly  constructed,”  a  malicious  client  the¬ 
oretically  could  gain  control  over  cer¬ 
tain  servers  running  SSL  or  TLS  software, 
Manion  says. 

“In  a  worst-case  scenario,  a  malicious 
client,  using  a  specially  crafted  client  cer- 


Rejecting  shopping  accounts 


the  crush  at  the  shopping  malls  an  intrinsic 
part  of  the  gift-giving  process. 

As  you  might  expect,  news  of  online  holi¬ 
day  sales  growth  has  managed  to  further 
excite  local  tax  collectors  over  the  missed 
revenue  opportunity  Headway  has  been 
made  on  the  taxing  front.  Quite  a  few  states 
are  well  along  in  simplifying  their  tax  struc¬ 
tures  so  they  will  be  ready  when  the 
Streamlined  Sales  and  Use  Tax  Act  —  a  bill 
being  discussed  in  Congress  —  or  some¬ 
thing  like  it  passes  in  the  next  year  or  two.  I 
fully  expect  to  pay  sales  taxes  on  most  on¬ 
line  purchases  next  year,  although  the 
often-glacial  processes  in  Washington,  D.C., 
might  keep  it  from  happening  for  another 
year.  (1  do  not  know  how  one  can  have 
glaciers  in  a  place  that  gets  so  hot  in 
August,  but  they  seem  to  be  prevalent.) 

I’ve  done  a  lot  of  online  shopping  this 
year,  and  most  of  the  experience  has  been 
quite  good.  Most  online  retailers  have  Web 
sites  where  it’s  easy  to  find  things,  check 
stock,  enter  shipping  and  credit  card  infor¬ 
mation,  and  move  onto  the  next  site.  But  I 
ran  into  two  other  classes  of  sites  where  it 
is  clear  the  vendors  don’t  know  what  they 
are  doing. 

A  few  sites  seem  to  have  been  designed 
by  the  developer  of  Dungeons  and 


SSL  server  bugs 

tificate,  could  execute  arbitrary  code  on  a 
vulnerable  server)  he  says. 

Though  the  exploit  is  technically  possi¬ 
ble,  hackers  have  yet  to  use  it,  Manion  says. 
“These  vulnerabilities  aren’t  so  dead  easy 
to  exploit,”  he  says. 

Researchers  at  London’s  National  Infra¬ 
structure  Security  Coordination  Center 
originally  discovered  the  vulnerabilities 
and  then  documented  them  in  a  CERT 
advisory  Oct.  1 ,  Manion  says. 

Oracle  could  have  reduced  the  risk  that 
these  bugs  present  had  it  removed  certain 
features  from  the  OpenSSL  software 
libraries  included  with  its  servers,  says  Thor 
Larholm,  a  senior  security  researcher  with 
PivX  Solutions,  a  network  security  consul¬ 
tancy  in  Newport  Beach,  Calif. 

“Oracle  . . .  should  have  done  more  to 
tailor  the  available  functionality  in  the 
libraries  they  included,  as  some  of  the 
vulnerabilities  in  OpenSSL  —  which 
Oracle  subsequently  became  vulnerable 
to  —  [are]  not  even  used  by  Oracle 
itself,”  he  says. 

The  vulnerabilities  have  affected  a  variety 
of  software  that  employs  the  SSL  and  TLS 
protocols,  including  Oracle’s,  he  says. 

McMillan  is  a  correspondent  with  the  IDG 
News  Service’s  San  Francisco  bureau. 


Dragons  —  things  are  almost  impossible  to 
find  and  even  if  you  manage  to  find  what 
you  want  you  cannot  figure  out  how  to 
check  out.  The  most  annoying  problem  is 
sites  that  insist  on  forging  a  life-long  bond 
with  you.  You  cannot  just  buy  something, 
you  have  to  set  up  an  account  complete 
with  password.  As  far  as  I  can  tell,  they  just 
want  to  have  a  way  to  spam  you  later. 
Needless  to  saysites  like  that  did  not  get  my 
business.  If  they  had  just  let  me  buy  the 


Applications 

continued  from  page  21 

access  traffic  and  application  data  via  a 
Web  browser.  The  upgraded  version  is 
priced  at  $50,000. 

NetFlow  is  part  of  Cisco’s  IOS  that  collects 
and  measures  data  as  it  enters  specific 
routers  or  switch  interfaces.  The  data  can 
be  used  to  monitor  key  applications,  in¬ 
cluding  accounting,  billing  and  network 


Performance 
perfect  storm 

A  number  of  factors  prove 
executives  need  to  find 
better  ways  to  build  and 
manage  high-performance 
applications. 

The  cost  of  application  downtime 
per  hour  equals  about 

$12,700, 

and  it  takes  on  average 
more  than  25  hours  to 
resolve  a  problem. 

NfWPORf  GROUP 

50% 

of  IT  projects  are  delivered 
over  budget,  and  50%  fail 
to  meet  objectives. 

GAR  I  NI  K 

Faulty  software  cost  the  U.S. 
economy  in  2002  about 

$59.5  billion 
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stuff  they  would  have.  Maybe  next  year  I'll 
get  simplicity  along  with  the  taxes. 

Disclaimer:  Simplicity  is  not  a  feature  of 
any  organization,  like  Harvard,  which  is 
more  than  350  years  old  —  so  the  above 
plea  is  mine,  not  the  university’s. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Sys¬ 
tems.  He  can  be  reached  at  sob@sobco. 
com. 


planning,  for  corporate  or  service  provider 
customers. 

O’Donnell  says  if  enterprise  IT  managers 
want  more  detailed  data  on  where,  how 
and  by  whom  specific  applications  are 
being  used  and  how  that  use  affects  the 
network,  they  need  to  enable  NetFlow  on 
their  networks.  Competitors  such  as  Con¬ 
cord  Communications  and  InfoVista  also 
deliver  this  type  of  deep  packet  and  appli¬ 
cation  traffic-flow  analysis.  O’Donnell  says 
NetQoS  could  improve  on  the  analysis,  but 
for  NetFlow  reporting  at  this  time,  the  prod¬ 
uct  reveals  useful  data  for  enterprise  users. 

In  separate  news,  Shunra  upgraded  its 
Storm  Solution  Suite  to  integrate  with  third- 
party  application  testing  tools  such  as 
Topaz  from  Mercury  Interactive.  The  inte¬ 
gration  will  let  Storm  pull  in  more  perfor¬ 
mance  data  across  enterprise  data  centers. 

The  product  uses  a  combination  of 
hardware  with  embedded  software  to 
emulate  corporate  networks  for  applica¬ 
tion  testing  in  pre-production  labs  or  for 
application  performance  troubleshooting 
on  live  networks. 

Storm  comes  as  an  appliance  with  em¬ 
bedded  software,  which  is  plugged  in  to  the 
network  like  an  Ethernet  switch.  Rather 
than  acting  as  a  switch,  the  Storm  appli¬ 
ance  watches  application  packets  and  re¬ 
ports  on  performance  metrics.  Network  en¬ 
gineers  then  can  determine  the  network 
latency  response  time  and  bandwidth  uti¬ 
lization  of  an  application  on  their  network. 
With  that  information)  network  engineers 
might  choose  to  reconfigure  their  networks 
or  ask  application  developers  to  rewrite 
the  software  code. 

“This  is  a  tool  that  can  do  more  than  sim¬ 
ulate,  it  can  provide  real-world  testing  for 
an  application,”  Meta’s  O’Donnell  says.  He 
adds  network  engineers  can  use  this  type 
of  application  performance  monitor  to 
build  better  networks,  but  more  so  applica¬ 
tion  developers  would  benefit  from  this 
when  designing  applications  to  run  on  spe¬ 
cific  networks. 

“This  type  of  tool  could  help  developers 
build  better  applications  and  prevent  per¬ 
formance  problems  on  the  networks  later 
on,"  he  adds.  Companies  such  as  Compu- 
ware  and  Opnet  also  deliver  products  that 
profile  an  application’s  performance 
against  network  infrastructure  and  avail¬ 
able  bandwidth. 

Pricing  for  Shunra/Storm  Solution  Suite 
3.1  starts  at  $40,000  and  can  scale  to 
$150,000,  depending  on  configuration.  ■ 


Home  is  no  longer  just  a  place  where  our  phone  lines  begin  and  end. 

Home  is  at  the  heart  of  one  of  the  world’s  largest  communications  networks. 

Home  is  in  more  than  140  countries,  on  six  continents. 

Home  is  where  our  customers  want  to  be  when  they  connect. 

And,  for  67%  of  the  FORTUNE  1000,“  home  is  in  the  security,  reliability  and  service  provided  by  MCI. 
Today,  at  MCI,  we’ve  never  felt  more  at  home. 

Because  today  at  MCI,  the  world  is  our  home. 
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FTTP  moving  up  the  to-do  list  for  2004 


■  BY  JIM  DUFFY 

Regional  Bell  operating  companies  say 
they  will  begin  deploying  fiber-to-the- 
premises  technology  next  year,  a  rather 
speedy  time  frame  considering  that 
the  proposal  for  FTTP 
equipment  was  issued 
only  six  months  ago. 

Of  the  three  RBOCs 
that  jointly  issued  the 
proposal,  Verizon  is  the  most  bullish  and 
aggressive  on  FTTP  Verizon  already  has 
named  its  equipment  suppliers  — 
Advanced  Fibre  Communications  is  the 
chief  vendor  —  and  disclosed  plans  to 
pass  1  million  homes  in  2004,  perhaps 
doubling  that  coverage  in  2005. 

SBC,  on  the  other  hand,  is  the  most  con¬ 


servative  on  its  FTTP  implementation. 

“There  is  no  requirement  for  FTTP  to 
gain  share”  in  access  lines,  said  SBC 
CFO  Randall  Stephenson  at  a  recent 
investment  conference.  “Right  now,  it’s 
not  on  our  front  burner.  There’s  no 
sense  urgency  to 
take  FTTP  for  a 
compelling  product 
offering.” 

BellSouth  is  the 
third  RBOC  proposing  FTTP 
FTTP  defines  a  set  of  common  tech¬ 
nical  requirements  for  extending  fiber¬ 
optic  cabling  and  equipment  to  homes 
and  businesses.  The  industry  standard- 
compliant  specifications  will  grease  the 
skids  for  deployment  of  next-generation 


l  ([Regulator 
ambiguity  will] 
only  deter  our 
investment  in 
these  new 
technologies.)  9 

Larry  Babbio 

Vice  chairman  and  president,  Verizon 

broadband  networks  that  deliver  high- 
bandwidth  Internet,  voice  and  video  ser¬ 
vices  and  applications  to  corporations 
and  residences. 

Approximately  10%  of  businesses  in  the 


US.  have  fiber  access  to  the  service 
provider  network,  industry  executives 
have  said. 

RBOCs  hope  the  investment  they 
make  in  running  fiber  to  homes  and 
businesses  will  generate  more  revenue 
for  them  by  way  of  enticing  new  ser¬ 
vices  and  higher-speed  transport  for 
their  customers. 

They  also  hope  it  will  stem  the  loss  of 
customers  and  access  line  revenue  to 
alternative  service  providers  such  as 
cable  companies. 

But  FTTP  is  rife  with  deployment  chal¬ 
lenges.  The  main  one  is  in  the  fiber  run 
and  how  much  that  fiber  run  will  cost. 

RBOCs  have  a  choice  of  overbuilding 

See  FTTP,  page  28 


FTTP:  Coming  to  a  curb  near  you. 


C&W  files  Chapter  11;  bows  out  of  U.S. 

Carrier  vows  to  support  customers  during  transition  to  Gores  Technology  Group. 

G&W  through  the  years 

Bankruptcy  and  sales  of  assets  continue  Cable  &  Wireless’  move  away  from  U.S. 
business: 


1998 

Buys  MCl’s  IP  backbone. 

Feb.  2002 

Purchases  Exodus  assets,  including  30  data  centers. 

Nlay  2002 

Announces  plans  to  shed  U.S. -only  voice  customers. 

Sept  2002 

Sells  U.S.  retail  voice  business  to  Primus. 

Nov.  2002 

Ditches  domestic  business  in  U.S.  and  Europe. 

Jan.  2003 

CEO  Graham  Wallace  announces  departure. 

April  2003 

Names  Francesco  Caio  as  CEO. 

June  2003 

Announces  it  is  exiting  U.S.  market  completely. 

Dec.  8, 
2003 

Announces  deal  to  file  Chapter  11  and  sell  assets  to  GoresTechnology 
Group. 

Takes 

■  SBC  last  week  said  it  will  reduce 
its  workforce  by  3,000  to  4,000 
employees  as  part  of  a  continuing 
effort  to  cut  costs.  The  reduction  will 
come  through  attrition  and  an 
enhanced  retirement  program,  SBC 
said,  and  will  prompt  the  regional  Bell 
operating  company  to  take  a  one¬ 
time  charge  of  up  to  $150  million  in 
the  fourth  quarter.  SBC  employs 
about  175,000  people,  so  the  cuts 
would  represent  a  1.7%  to  2.3% 
reduction  in  staff.  SBC  also  said  it  is 
investing  in  “productivity  improve¬ 
ments"  that  are  expected  to  save 
$1.3  billion  annually  in  expense  and 
capital  costs  by  2006. 

■  Time  Warner  Cable  last  week 
announced  partnerships  with 
MCI  and  Sprint  that  should  help  it 
roll  out  its  voice-over-IP  service 

across  the  U.S.  Time  Warner  Cable 
introduced  VoIP  services  in  parts  of 
Maine  and  North  Carolina  earlier  this 
year.  The  agreements  with  Sprint  and 
MCI  will  let  Time  Warner  Cable  “con¬ 
tinue  its  aggressive  rollout  through¬ 
out  next  year,”  the  company  said.  The 
service  should  be  available  in  most 
U.S.  markets  by  year-end  2004. 


■  BY  JENNIFER  MEARS 

Cable  &  Wireless  has  ended  more  than  a 
year  of  uncertainty  regarding  the  future  of 
its  U.S.  business,  but  observers  are  mixed 
over  what  the  news  means  for  customers. 

Last  week,  the  company  announced  that 
it  was  filing  voluntary  petitions  for  Chapter 
1 1  reorganization  as  part  of  a  deal  to  sell 
the  bulk  of  its  assets  to  Gores  Technology 
Group,  an  investment  firm  that  specializes 
in  revitalizing  distressed  technology  com¬ 
panies.  C&W  executives  say  maintaining 
service  to  customers  is  their  top  priority 
during  the  transition. 

“The  good  news  is  they  found  a  buyer  for 
the  business,  which  means  customers  are 
not  going  to  be  in  limbo,  not  knowing  if 
there  is  a  future  and  if  service  is  going  to 
dwindle,” says  Brownlee  Thomas,  a  telecom 
analyst  at  Forrester  Research. 

But  Kate  Gerwig,  principal  analyst  of  net¬ 
work  services  at  Current  Analysis,  isn’t  as 
optimistic.  She  questions  who  will  ulti¬ 
mately  be  running  the  C&W  network  and 
says  the  Chapter  11  process  allows  for 
other  buyers  to  bid  for  C&W’s  assets. 

“1  don’t  see  that  customers  have  a  lot 
more  certainty  than  they  did  before,” 
she  says. 

A  spokesman  for  C&W  says  employees 
will  be  transferred  in  the  sale  and  will  con¬ 
tinue  to  run  the  C&W  network. 

The  sale  is  valued  at  $125  million  and  is 


subject  to  bankruptcy  court  approval  and 
C&W  meeting  certain  business  targets.  It 
ends  a  tough  chapter  for  the  service 
provider  that  entered  the  U.S.  infrastructure 
market  with  a  bang  when  it  bought  MCI’s  IP 
backbone  in  1998. 

The  carrier  then  spent  more  than  $1  bil¬ 
lion  in  2001  with  the  hopes  of  becoming 
the  leading  Internet  infrastructure  provider 
in  the  U.S. 

It  bought  content  delivery  network  ser¬ 
vice  provider  Digital  Island  and  the  assets 
of  Exodus  Communications.  The  Exodus 


purchase  vaulted  C&W  into  the  forefront  of 
the  Web  hosting  market. 

C&W  could  never  turn  a  profit 

But  the  carrier,  which  is  based  in  the  U.K., 
never  could  turn  a  profit  on  the  U.S.  busi¬ 
ness  that  company  executives  said  was  los¬ 
ing  more  than  $1  million  per  day. 

In  June,  the  company  announced  that  it 
planned  to  completely  exit  the  U.S.  market, 
but  gave  few  details  about  how  that  would 
take  place. About  5,000  customers  were  left 

See  C&W,  page  28 
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Convergence  was  one  of  the  most 
omnipresent  buzzwords  of  the 
1990s.  Remember  all  the  pundits 
yakking  about  how  it  would  usher  in  a 
new  era  of  computing  and  communica¬ 
tions  for  the  new  millennium? 

Guess  what?  The  pundits  were  right. 
Even  though  the  convergence  catchword 
has  lost  its  cachet,  the  fundamental  con¬ 
cept  of  integrating  voice,  data  and  video 
across  a  range  of  end  devices  and  access 
types  has  quietly  and  steadily  gained 
strength.  Want  proof?  When  you  e-mail 
your  photo  to  your  buddy’s  cell  phone,  or 
call  your  business  associate  from  your  IP- 
based  wireless  PDA  —  that’s  convergence. 
And  it’s  happening  today 


Convergence:  This  time  the  hype  was  justified 


Moreover,  several  recent  trends  mean  IT 
executives  should  make  time  to  plan  for 
how  they’ll  manage  convergence  in  2004 
and  2005.  Specifically: 

•  More  companies  than  ever  are  sup¬ 
porting  remote  workers.  Approximately 
65%  of  employees  work  outside  an  office 
at  least  some  of  the  time,  according  to 
recent  Nemertes  Research  findings.  And 
the  trend  is  upward.  These  individuals 
aren’t  on  T-l  lines,  but  they’re  increasingly 
linked  via  IP  over  wireless  or  digital  cable. 

•  Almost  all  major  U.S.  cable  providers 
have  announced  plans  to  deploy  IP  tele¬ 
phony  services  broadly  next  year.  Last 
week, Time  Warner  Cable  signed  a  deal  to 
roll  out  voice  services  to  subscribers  in  27 
states  (with  the  help  from  MCI  and 
Sprint).  And  Comcast,  Cox  and  Cable- 
vision  plan  similar  rollouts  in  2004. 

•  Wi-Fi  hot  spots  are  growing  faster  than 
anticipated.  Rollouts  in  public  locations 
are  exceeding  expectations,  meaning  that 
remote  users  increasingly  have  the  option 


of  IP-based  wireless  connectivity  for  voice 
and  data. 

•  Infrastructure-independent  service 
providers  are  emerging.  Companies  such 
as  Gric,Fiberlink,iPass  and  Megapath  con¬ 
tinue  to  gain  traction  serving  remote  and 
branch  enterprise  offices  via  a  range  of 
local  access  technologies. 

•  Phone  numbers  go  virtual.  With  wire¬ 
less  number  portability  phone  numbers 
are  now  associated  with  users  —  not 
devices  or  locations. 

IT  professionals  should  consider  these 
trends  in  assessing  connectivity  solutions. 
For  example,  you  might  want  to  rethink 
the  traditional  strategy  of  paying  a  telco 
millions  to  manage  your  phone  services. 
Instead,  you  might  want  to  consider  infra- 
structure-independent  providers  or  aggre¬ 
gators  for  both  voice  and  data  services. 
You’ll  want  to  revisit  your  wireless  services 
pricing  in  light  of  number  portability  (as 
we  noted  in  a  previous  column).  And 
organizations  that  are  based  in  relatively 


new  facilities  might  want  to  consider 
cable  providers  instead  of  telcos. 

But  that’s  just  the  tip  of  the  iceberg. What 
you  need  to  think  about  is  how  your  orga¬ 
nization  will  work  differently  once  appli¬ 
cations  are  voice-  and  video-enabled,  and 
when  the  standard  end-user  device  is  no 
longer  a  desktop,  laptop  or  even  palmtop 
computer,  but  a  wireless  headset. 

Interestingly,  healthcare  organizations 
seem  to  be  at  the  leading  edge  of  this 
assessment.  Aided  by  an  influx  of  dollars 
related  to  Health  Insurance  Portability 
and  Accountability  Act  and  driven  by  the 
need  to  continually  improve  patient  care, 
they’re  finding  innovative  and  creative 
ways  to  bring  convergence  into  the  work¬ 
place. 

Stay  tuned  for  more  on  this  in  2004. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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Ronald  Dykes 

CFO,  BellSouth 


FTTP 

continued  from  page  27 

their  existing  copper  cabling 
plant  with  fiber,  or  limiting  fiber 
runs  to  new  homes  and  business 
structures.  RBOCs  also  have  to 
consider  how  to  run  the  fiber  — 
aerially  or  underground  —  and 
how  much  those  rights-of-way 
will  cost. 

Generally,  it  costs  more  to 
trench  fiber  underground  than  it 
does  to  string  it  along  the  wires 
that  run  from  telephone  pole  to 
telephone  pole.  It  also  costs 
more  to  overbuild  an  existing 
copper  infrastructure  vs.  running 
fiber  where  there  are  no  existing 
facilities,  such  as  new  homes  or 
buildings. 

To  date,  only  Verizon  has  said  it 
will  undertake  an  overbuild  pro- 


More  online! 


Voice  over  IP:  IP  telephony  from 
dollar  one  to  dollars  won 

It's  magical:  The  moment  when  data,  voice 
and  video  integrate  across  your  network 
and  suddenly  the  benefits  become  real. 
Employees  more  connected.  Information 
more  accessible.  Customers  more  satis¬ 
fied.  Leam  how  at  Network  World's  first 
Technology  Tour  for  2004. 
DocFinder  8931 


ject,  while  BellSouth  and  SBC  are 
for  the  most  part  holding  back. 

Current  estimates  list  buildout 
costs  at  $600  to  $1,000  per  home. 
The  cost  of  the  build  undoubted¬ 
ly  will  be  factored  into  the  cost  of 
service  to  the  subscriber. 

And  if  subscribers  aren’t  willing 
to  pay  the  asking  price  for  the 
service,  the  hole  dug  for  the  fiber 
quickly  becomes  a  money  pit. 

“It  seems  that  before  FTTP 
becomes  the  growth  engine  we 
all  hope  for,  there  is  pain  in  the 
form  of  lots  of  development 
expense  before  large-scale  de¬ 
ployments  begin  perhaps  in  late 
2004  or  in  2005,”  says  analyst 
Anton  Wahl  of  Needham  and  Co. 

SBC's  take 

This  is  not  lost  on  SBC,  which  is 
why  the  RBOC  is  most  cautious 
on  FTTP 

“The  economics  are  not  appeal¬ 
ing  to  us  on  an  overbuild  basis,” 
says  SBC’s  Stephenson. That’s  why 
SBC  will  limit  its  initial  FTTP 
buildouts  to  greenfield  builds  and 
new  and  existing  multi-dwelling 
units  (MDU)  that  do  not  require 
trenching,  Stephenson  says.  As  a 
result,  the  FTTP  opportunity  will 
be  targeted  instead  of  broad- 
based,  he  says. 

According  to  Wachovia  Capital 
Markets,  SBC  will  commence 
FTTP  trials  in  the  first  half  of  next 
year  with  some  limited  green¬ 
field  or  MDU  deployments  in  the 
second  half  of  the  year.  SBC  pro¬ 
jects  250,000  to  350,000  new 
greenfield  lines  will  be  added 
each  year  after  that,  according  to 
Wachovia. 

SBC  has  not  announced  its 


FTTP  vendor,  but  investment  firm 
UBS  Warburg  says  it’s  likely  to  be 
Alcatel  because  of  Alcatel’s 
incumbency  in  an  SBC  FTTP  trial 
in  California,  and  in  supplying 
the  RBOC  with  DSL  and  digital 
loop  carrier  equipment.  UBS 
Warburg  thinks  SBC  will  deploy 
500,000  FTTP  lines  by  the  end  of 
next  year. 

SBC  declined  to  comment  on 
that  report. 

BellSouth  says  it  will  have 
approximately  1  million  house¬ 
holds  on  fiber  by  year-end. 
Approximately  800,000  are 
greenfield  builds,  and  the  re¬ 
mainder  are  overbuilds,  says 
Peter  Hill,  BellSouth  vice  presi¬ 
dent  of  technology  planning  and 
deployment. 

Looking  ahead,  BellSouth  will 
turn  up  its  “first  office  applica¬ 
tion”  of  FTTP  in  the  second  half 
of  next  year,  Hill  says.  But  the 
RBOC  foresees  no  significant 
increase  in  fiber  investment  next 
year,  CFO  Ronald  Dykes  told  ana¬ 
lysts  last  month. 

“The  [FCC’s]  Triennial  Review 
threw  a  grenade  in  the  middle  of 
[FTTP],”  Dykes  said. “It  chills  any 
incremental  investment.  That 
said,  we’re  still  placing  fiber  in 
new  build  situations." 

The  RBOCs  say  the  FCC’s  recent 


Triennial  Review  of  policies 
regarding  competitor  access  to 
RBOC  facilities  still  needs  clarifi¬ 
cation  before  the  Bells  continue 
to  invest  in  and  build  out  new 
broadband  infrastructure  such 
as  FTTP 

According  to  the  RBOCs,  the 
Triennial  Review  largely  kept  cur¬ 


rent  unbundling  wholesale  regu¬ 
lations  in  place  for  existing  cop¬ 
per  facilities  —  regulations  the 
Bells  say  cost  them  money  and 
discourage  investment  —  but 
requirements  for  new  builds, 
such  as  FTTPare  still  unclear. 

Two  weeks  ago,  Verizon  issued 
a  press  release  calling  on  the 
FCC  to  “readily  provide  the  coun¬ 
try  with  a  national  broadband 
policy”  by  clarifying  the  rules 
that  govern  broadband  networks 
and  services. 

“[Regulatory  ambiguity  will] 
“only  deter  our  investment  in 
these  new  technologies,”  says 
Verizon  Vice  Chairman  and 
President  Larry  Babbio.  ■ 


c&w, 

continued  from  page  27 

wondering  about  the  company’s  fate. 

For  example,  National  Semiconductor  in  Santa  Clara  had  been 
reviewing  alternative  Web  hosting  providers,  but  Phil  Gibson,  vice  pres¬ 
ident  of  Web  business  and  sales  automation  at  the  company,  says  the 
plan  now  is  to  stay  with  C&W 

“We  have  extended  our  contract  with  C&W  through  our  fiscal  year, 
which  ends  in  Ma>(  Gibson  says.“If  they  continue  to  perform  at  today’s 
levels  and  remain  competitive  with  price  and  service  reviews  in 
March/ April,  1  have  no  reason  to  look  for  an  alternative.” 

Most  analysts  are  applauding  C&W  for  making  a  quick  exit  from  the 
stagnate  U.S.  market  at  a  cost  far  below  what  had  been  expected. The 
company  says  it  expects  the  cost  of  exiting  the  U.S.,  including  providing 
up  to  $100  million  in  debtor-in-possession  financing  to  help  keep  U.S. 
operations  going  during  the  transition,  should  not  exceed  about  $500 
million. 

John  Dubel,  CEO  of  Cable  &  Wireless  America,  says  he  expects  the 
sale  to  be  completed  by  the  end  of  February. 

Dubel  and  Eric  Simonsen,  chief  restructuring  officer  and  CFO, 
recently  joined  C&W  America  to  help  lead  the  service  provider 
through  the  financial  restructuring.  Both  are  principals  of  corporate 
restructuring  firm  AlixPartners  and  have  guided  companies  such  as 
WorldCom  through  financial  realignment  ■ 
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You’ve  built  redundancy  into  your  systems, 
but  if  they  can’t  be  used  to  run  your  business, 

they  might  as  well  be  here. 
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SUNGARD 


Availability  Services 


;? ’Keeping  People  and 
Information  Connected 


MANAGED  SERVICES  •  PROFESSIONAL  SERVICES  •  BUSINESS  CONTINUITY 


You’ve  dedicated  tremendous  time  and  resources  to  safeguarding  your  company’s  mission-critical 
systems.  But  if  it  isn’t  combined  with  a  robust,  redundant  infrastructure,  the  latest  technologies, 
professional  expertise,  and  proven  processes;  you  won’t  achieve  the  levels  of  availability  and  uptime 
today’s  marketplace  demands.  That’s  why  you  need  a  SunGard  Information  Availability  strategy. 
Working  with  SunGard,  we’ll  customize  a  total  solution  that  helps  ensure  your  employees  and 
customers  have  uninterrupted  access  to  the  critical  systems  and  data  that  run  your  business,  24/7. 
Make  sure  all  your  systems  are  “go”.  To  see  how  cost  effective  an  Information  Availability  strategy 
can  be,  see  our  white  paper  prepared  by  I  DC  at:  www.availability.sungard.com 


Introducing  information  Availability. 
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remaining  fragments 

Defrag  Manager  2.5  with  SmartPhase 


'Tests  were  performed  on  a  Windows  2000  Server  system  with  a 
120GB  hard  drive,  20%  free  space,  and  1,693,412  starting  fragments 
Elapsed  time  for  Defrag  Manager  2.5:  14h  56m.  Elapsed  time  for 
Other  Leading  Defragger:  23h  57m. 
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The  fastest 
defragger  in 
the  world  won’t 
help  if  it  leaves 
fragments  behind. 

Luckily,  it  doesn’t. 

Introducing  Defrag  Manager™  2.5 
with  SmartPhase. 

Just  a  few  fragments  can  have  a  dramatic  impact 
on  system  performance.  Defrag  Manager  2.5  with 
the  NEW  SmartPhase  defrag  engine  can  remove 
every  fragment  —  faster  than  competing  defraggers 
that  leave  tens  of  thousands  behind.  Install  it  on  just 
one  machine  to  optimize  every  Windows  NT,  2000, 
XP,  and  Server  2003  system  in  your  enterprise.  With 
Defrag  Manager  2.5  and  the  new  SmartPhase  defrag 
engine,  your  enterprise  can  take  a  quantum  leap  in 
performance  —  without  ever  skipping  a  fragment. 

Recover.  Accelerate. 


Learn  More! 

1-800-408-8415 
www.  winternals .  com 


©  2003  Winternals  Software  LP  All  rights  reserved.  Winternals  Is  a  registered  trademark  of  Winternals  Software  LP.  Defrag  Manager  is  a  trademark  of  Winternals  Software  LP.  Windows  NT,  Windows  2000, 
Windows  XP,  and  Windows  Server  2003  are  trademarks  of  Microsoft  Corporation  in  the  US  and/or  other  countries. 
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Active  archiving  eases  data  management 


■  BY  JIM  LEE 

Unprecedented  database  growth  and  the 
need  to  maintain  historical  data  to  meet 
regulatory  requirements  are  driving  infor¬ 
mation  life-cycle  management,  a  compre¬ 
hensive  strategy  for  managing  data  from  the 
time  it  is  acquired  until  it  can  be  deleted. 

Active  archiving  software  lets  companies 
archive  rarely  accessed  data  from  complex 
relational  databases  and  manage  the  data 
efficiently  This  database  archiving  process 
saves  archived  data,  business  context  data 
and  metadata  to  an  archive  file,  which 
remains  referentially  intact.The  files  can  be 
stored  easily  on  the  most  convenient  and 
cost-effective  storage  medium.  For  exam¬ 
ple,  administrators  can  choose  to  place 
them  online  in  an  archive  database,  near¬ 
line  on  a  file  server,  offline  on  optical 
devices,  tape  or  other  long-term  storage. 

Once  archived,  the  data  safely  can  be 
removed  from  application  databases  to 
improve  the  performance  and  availability 
of  critical  systems.  When  the  data  is  need¬ 
ed  again, administrators  and  end  users  can 
easily  access  the  archived  data  and  selec¬ 
tively  restore  it  on  demand. 

Active  archiving  software  identifies  the 
subsets  of  data  to  archive  based  on  user- 


Got  great  ideas 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you 
want  to  contribute  a  primer  on  a  spe¬ 
cific  technology,  standard  or  protocol, 
contact  Amy  Schurr,  senior  managing 
editor,  features  (aschurr@nww.com). 


■  HOW  IT  WORKS 


Active  archiving 

Active  archiving  saves  data  to  an  archive  file,  which 
remains  referentially  intact. 


Ongoing  active  Archive  database 


Administrators/ 

users 
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O  The  administrator  specifies  the  data  to  archive  and  columns  to  index  for  fast  searches  and  retrieval. 

©  The  administrator  creates  an  archive  process  request  that  defines  archiving  specifications,  including 
a  storage  profile. 

©  The  archived  data  is  stored  on  the  most  convenient,  cost-effective  storage  medium. 

©  Users  can  easily  access  archived  data  to  research  or  browse  without  restoring  the  data  first. 

©  Users  can  selectively  restore  data  from  an  archive  file  to  an  alternate  archive  database,  mirrored 


production  tables  or  production  database. 


defined  specifications  such  as  database 
table  names, selection  criteria, archive  poli¬ 
cies  and  archive  index  requirements  that 
allow  for  fast  retrieval.  Specifications  also 
include  user-selected  relationships  to 
define  the  traversal  path  for  archiving  data. 

Archive  processing  begins  with  the  first 
table  the  user  specifies  in  the  traversal 
path.  Data  from  related  tables  are  pro¬ 
cessed  next  based  on  selected  relation¬ 
ships  and  the  logical  keys  of  the  data 
retrieved  from  the  first  table. 

As  part  of  the  archiving  process,  the  meta¬ 


data,  which  includes  database  and  table 
definitions,  indexes  and  relationships,  is 
extracted  and  stored  by  the  archiving  soft¬ 
ware  with  the  archived  data.This  metadata 
provides  the  basis  for  maintaining  the  ref¬ 
erential  integrity  of  archived  data  and  pro¬ 
vides  the  foundation  for  accessing 
archived  data  at  any  time.  The  result  is  a 
self-contained,  transportable  archive  file 
that  ensures  future  access  to  archived  data. 

Administrators  can  remove  data  from  the 
production  database  immediately  after  the 
data  has  been  safely  written  to  the  archive 


file,  or  they  can  choose  to  review  the 
archive  file  before  removing  data  from  the 
production  database.  Data  is  deleted  selec¬ 
tively  from  the  production  database,  leav¬ 
ing  all  other  data  intact. 

Once  data  has  been  archived,  subse¬ 
quent  access  to  it  is  fast  and  simple.  Active 
archiving  software  supports  multiple  meth¬ 
ods  for  accessing  archived  data,  including 
capabilities  for  browsing,  exporting  and 
restoring  it,  and  generating  reports. 

Administrators  and  users  can  restore 
archived  data  selectively.  For  example, 
patient-support  professionals  at  a  health 
insurance  company  can  instantly  retrieve 
information  about  a  patient’s  insurance 
claims  going  back  five  years,  using  the  com¬ 
pany’s  insurance  application  interface.The 
restore  operation  includes  processing  the 
saved  metadata  followed  by  the  restore  cri- 
teria.The  restore  process  also  lets  users  ver¬ 
ify  and  re-create  the  necessary  object  or 
objects  at  a  destination  if  they  do  not  exist. 

Active  archiving  software  can  be  imple¬ 
mented  across  industries  to  manage  data¬ 
base  growth, store  data  cost-effectively  and 
keep  archived  data  accessible  on  demand. 
For  example,  financial-services  applica¬ 
tions  collect  volumes  of  customer  data  that 
can  affect  application  performance. 
Selectively  archiving  data  based  on  busi¬ 
ness  rules  (such  as  data  that  is  more  than 
two  years  old)  can  free  processing  capaci¬ 
ty  and  improve  response  time.  Business 
analysts  would  have  on-demand  access  to 
archived  data  seamlessly  through  their 
financial  applications  and  could  restore 
data  as  needed. 

Lee  is  vice  president  of  product  market¬ 
ing  at  Princeton  Softech.  He  can  be 
reached  at  jlee@princetonsoftech.com. 


Ask 


Dr.  Internet 


By  Steve  Blass 


I  have  a  Sony  PlayStation  2  game  that  is  sup¬ 
posed  to  work  over  the  Internet,  and  I  need  to 
get  it  working  before  Christmas.  I'm  having 
trouble  with  the  networking  through  my  broad¬ 
band  connection.  The  error  message  and  docu¬ 
mentation  say  I  need  to  reset  the  UDP  port  to 
connect  to  the  game  site.  I  can't  find  any  kind 
of  port  to  change  the  settings  on.  Gan  you  help? 


A  UDP  port  is  not  a  physical  thing  with  a 


switch.  It  is  a  network  abstraction  (similar  to 
the  extension  number  in  an  office  phone  sys¬ 
tem)  that  tracks  network  connections  into  and 
out  of  the  machine.  If  you  have  a  broadband 
router  between  your  PlayStation  2  and  the  wall 
jack,  that  device  is  where  you  need  to  change 
the  network  settings  to  ‘‘open"  the  particular 
UDP  port  your  game  is  trying  to  use.  Most 
broadband  routers  have  a  Web  page  interface 
that  the  documentation  should  explain  how  to 


connect  to.  Once  connected,  look  for  a  packet 
filtering  or  firewall  settings  menu.  You  should 
find  a  configuration  page  for  entering  the  UDP 
port  information  and  apply  the  settings  so  your 
firewall  will  let  the  game  traffic  through  to  your 
PlayStation  2. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.internet@ 
changeatwork.  com. 
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DesktopX  marks  the  spot 
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GEARHEAD 
INSIDE  THE 
NETWORK 
MACHINE 

Mark 
Gibbs 


If  there  is  one  thing  we  would  like  to  do 
for  our  users  it’s  make  their  lives  simpler. 
And  the  way  we’d  like  to  do  that  is  limit 
what  they  can  do.  If  we  could  lock  down 
their  PCs  so  they  could  do  only  five  or 
seven  things  and  not  the  120,915,4 12  things 
they  are  wont  to  do,  we  would  be  happier. 
Then  they  could  get  their  work  done  with¬ 
out  loading  software,  playing  solitaire  and 
running  applications  we  haven’t  approved. 

We  have  found  the  answer  to  this  prob¬ 
lem:  DesktopX  from  Stardock.  DesktopX 
(go  to  www.nwfusion.com,  DocFinder: 
8922,  for  details)  is  a  type  of  skinning  appli¬ 
cation.  In  fact,  we  mentioned  Stardock  in 
this  column  way  back  in  2000  (DocFinder: 
8923)  in  connection  with  the  company’s 
WindowBlinds  product.  That  software  can 
change  the  look  and  feel  of  Windows  title 
bars,  scrollbars,  push  buttons,  the  Start  bar 
and  every  other  part  of  the  operating  sys¬ 
tem  user  interface. 

Whereas  tools  such  as  WindowBlinds 
just  change  the  look  and  feel  of  applica¬ 


tion  interfaces,  DesktopX  adds  a  new 
dimension  to  skinning  by  making  it  possi¬ 
ble  to  dictate  how  users  interact  with  the 
operating  system.  It  lets  you  modify  and 
extend  or  even  completely  redefine  the 
user  environment  and  replace  as  much  or 
as  little  of  the  interface  functionality  as 
you  please. 

While  DesktopX  runs  under  all  versions 
of  Windows  from  98  onward,  when  used 
with  Windows  XP  and  Windows  2000  it 
becomes  a  powerful  desktop  manage¬ 
ment  tool. 

Objects  overview 

With  DesktopX  you  can  create  and  con¬ 
trol  “objects’’  that  implement  any  functions 
or  services  you  like.  For  example,  you  can 
create  an  object  that  is  a  clock,  a  calendar 
or  a  news  reader.  Or  it  could  be  a  weather 
forecast  display  a  stock  ticker  or  a  system 
status  dashboard.  And  you  can  manage 
how  much  control  the  user  has  over  the 
objects  and  the  system  they  run  on. 

You  can  create  objects  that  are  shortcuts 
to  files  or  applications,  URLs,  other  objects, 
system  commands  (find,  logoff,  etc.)  or 
replacements  for  system  objects  such  as 
the  system  tray,  taskbar  or  even  the  man¬ 
agement  functions  of  DesktopX. 

You  can  even  aggregate  objects  to  cre¬ 


ate  complete  “themes”  that  can  be  partial 
or  total  replacements  of  the  Windows  user 
interface  with  more  or  less  any  look  and 
feel.  DesktopX  comes  with  a  tool  called 
IconX  that  makes  icons  active  so  they  do 
things  such  as  zoom  visually  when  the 
mouse  crosses  them  or  respond  with 
sounds  when  clicked  or  double-clicked. 

DesktopX  objects  can  be  driven  by 
scripts  written  in  VBscript  or  JavaScript 
(C#  and  XAML  are  promised  in  the  near 
future),  and  it  includes  its  own  script  edi¬ 
tor.  What  is  really  cool  is  that  DesktopX 
scripts  can  control  ActiveX  components, 
so  an  object  could  embed  an  Excel 
spreadsheet,  a  Windows  Media  Player,  a 
combo  box,  a  Web  browser  or  any  other 
control  you  please. 

On  the  DesktopX  Web  site  you’ll  find 
some  impressive  examples  of  objects, 
including  one  that  can  control  X-10  de- 
•vices  and  another  called  SysMetrix  that  is 
a  skinnable  clock  and  metering  applica¬ 
tion  that  can  monitor  and  report  on  a 
remarkable  number  of  system  attributes 
and  values. 

The  potential  of  this  product  for  build¬ 
ing  highly  controlled,  task-specific  user 
environments  is  phenomenal.  Under  XP 
or  Win  2000,  you  could  create  an  inter¬ 
face  layout  that  showed  menus  of  appli¬ 


cations  and  a  task  list,  and  then  restrict 
the  application’s  display  area  so  that  the 
menus  and  task  list  could  never  be 
obscured. 

And  with  the  security  controls  you  also 
could  remove  access  to  the  right-click 
menu,  disable  the  task  manager,  disable 
registry-editing  tools  and  other  things 
users  could  get  themselves  into  trouble 
with, and  lock  down  the  DesktopX  control 
menu  with  a  password. 

This  is  a  killer  app,and  there’s  a  free  ver¬ 
sion  if  you  don’t  care  about  security  fea¬ 
tures.  And  if  you  want  to  get  serious  about 
creating  controlled  environments  with 
security  there's  DesktopX  Enhanced  for 
an  amazingly  inexpensive  $19.95. 

For  power  users  there’s  DesktopX  Profes¬ 
sional  LX  ($129), which  along  with  all  the 
other  features  lets  you  generate  stand¬ 
alone  applications  from  objects  for  per¬ 
sonal,  non-commercial  use.  DesktopX  Pro¬ 
fessional  ($499)  is  for  commercial  soft¬ 
ware  developers  and  allows  redistribu¬ 
tion. This  is  an  incredible  tool  that  you  just 
have  to  try!  Maybe  you’ll  be  lucky  to  find 
a  copy  of  DesktopX  in  your  Christmas 
stocking. 

Have  a  terrific  holiday.  Ho,  ho,  ho  to 
gearhead@gibbs.  com. 


Quick  takes 
on  high-tech  toys 

By  Keith 
Shaw 


Sprint  launches  two  handheld 
video  phones 

If  you  thought  a  bunch  of  people 
running  around  taking  photos  with 
their  cell  phones  was  bad,  wait  until 
they  all  start  taking  videos  with  them. 

Sprint  last  week  launched  two  new 
phones  that  can  shoot  video  clips,  the 
Sanyo  VM4500  and  the  Audiovox 
Toshiba  VM4050.  Both  phones  also  let 
you  add  voice  memos  of  up  to  10  sec¬ 
onds  to  any  photo  or  video  clip. 

The  3.85-ounce  VM4500  also  sup¬ 
ports  Sprint’s  PCS  Ready  Link  walkie- 
talkie  service,  wtiich  was  launched 
last  month.  In  addition  to  video  clips 
of  up  to  15  seconds,  the  clamshell- 
style  phone  comes  with  a  built-in 
speakerphone,  a  Wireless  Application 
Protocol  2.0  browser  with  Java  2  Platf¬ 
orm  Mobile  Edition  support  for  Web 
browsing,  and  talk  time  of  up  to  3.25 
hours  with  the 


standard  battery 
and  up  to  10 
days  of  digital 
standby  time. 


Budding  Spielbergs 
now  can  shoot  15- 
second  video  clips 
with  new  cell 
phones  from  Sprint. 


The  VM4500  is  priced  at  $380. 

The  4.09-ounce  Audiovox  Toshiba  VM4050  also  sup¬ 
ports  video  clips  of  up  to  15  seconds,  and  has  a  4X-digi- 
tal  zoom  and  2X-telescopic  zoom  for  still  images,  Sprint 
says.  The  clamshell-style  phone  also  includes  a 
built-in  speakerphone,  external  picture  caller 
ID,  a  personal  organizer  (300  slots),  and 
offers  up  to  3.3  hours  of  talk  time  and  up  to 
10  days  of  standby  time  (in  digital  mode). 
Pricing  on  the  Audiovox  phone  was  not 
announced. 

Concord  digital  camera  gets  Bluetooth 

Concord  Camera  recently  launched  the 
Concord  Eye-Q  Go  Wireless  camera,  a  2- 
megapixel  digital  camera  that  includes  a 
Bluetooth  adapter  that  can  wirelessly  trans¬ 
fer  images  to  any  Bluetooth-enabled  mobile 
phone,  PDA  or  USB-enabled  notebook. 

The  4.5-ounce  camera  costs  $150  and  can 
store  about  100  images  with  its  7M-byte  stor¬ 
age  capacity  The  camera  also  includes  a 
Secure  Digital/MultiMedia  Card  expansion 
slot  for  additional  storage.  It  has  a  4X  digital 
zoom  lens  and  can  capture  AVI  video  clips. 

Images  can  be  beamed  from  the  camera 
to  any  Bluetooth  device  that  supports  the 
Object  Exchange  protocol  and  can  receive, 
process  and  display  a  JPEG  image,  Concord 
says.The  camera  can  detect  up  to  seven  dif¬ 
ferent  Bluetooth  devices,  and  it  lets  users 
choose  which  devices  to  transmit  images  to. 
It  supports  Windows  98  Second  Edition, 
2000,  ME,  XP  Home  and  Professional  sys¬ 
tems.  Go  to  the  Concord  Camera  Web  site 
(www.concord-camera.com)  for  a  list  of 
compatible  Bluetooth  devices. 


2Wire  aims  to  fix  ‘cold  spot’  wireless  problem 


2Wire  has  two  new  wire¬ 
less  gateways  that  attempt 
to  solve  the  “cold  spot” 
dilemma,  in  which  wire¬ 
less  LAN  coverage  with¬ 
in  an  area  goes  “cold” 
because  walls  get  in  the 
way,  access  points  are 
not  well-placed  or  other 
reasons.  The  Home- 
Portal  1000HW  and 
1800HW  are  residential 
gateways  that  increase 
the  reach  of  Wi-Fi  and 
DSL  performance  while 
maintaining  maximum 
throughput,  2Wire  says. 

This  is  done 
by  increasing 
the  transmis¬ 
sion  power  of 
the  gateways 
to  400  milli¬ 
watts,  about  seven  times  the  power  of 
most  retail-based  Wi-Fi  products,  2Wire  says.The  gate¬ 
ways  also  feature  three  antennas  instead  of  two,  which 
the  company  says  helps  improve  the  receive  sensitivity  of 
the  equipment. 

The  1000HW  includes  an  integrated  asymmetric 
DSL  modem,  a  router,  one-port  Ethernet  switch,  firewall 
and  integrated  802.11b  access  point.  The  1800HW 
includes  the  same  features  as  the  1000HW,  but  has  a 
four-port  10/100M  bit/sec  Ethernet  switch. The  gateways 
are  being  sold  to  DSL  service  providers  to  offer  to  their 
customers. 


2Wire's  new  gateways 
increase  the  reach 
of  Wi-Fi  and  DSL 
performance. 


Shaw  can  be  reached  at  kshaw@nww.com. 


IBM  Total  Sto  rage*’ 

The  human  body  has  an  uncanny  ability  to  monitor  and 
adjust  on  demand,  as  do  IBM  TotalStorage®  products. 
Select  IBM  TotalStorage  products  have  powerful  autonomic 
capabilities:  they  proactively  monitor  and  maintain  their 
own  health.  Which  can  help  maximize  uptime.  Which  can 
help  your  bottom  line.  To  learn  more,  download  our  latest 
white  paper  on  autonomic  capabilities  from  the  URL  below. 

IBM  TotalStorage:  storage  fo r  on  demand  business. 

Can  you  see  it?  See  it  at  ibm.com/totalstorage/uptime 


IBM  and  TotalStorage  are  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks 
of  others.  ©2003  IBM  Corporation.  All  rights  reserved. 
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EDITORIAL 

Network  World  Staff 


Looking  back  at  our 
2003  predictions 


Setting  the  record  straight 


opinions! 

to  Yahoo  for  misreading  the  company’s  intentions. 


We  made  10  predictions  this  time  last  year  so  it’s 
time  to  see  how  we  did. 

•  Self-healing  and  utility  computing  will  be  all 
the  talk.  This  stuff  popped  up  in  product  road  maps  from 
IBM  to  Veritas  to  Microsoft.  But  it’s  still  mostly  talk.  Industry 
watchers  say  the  promise  is  still  seven  to  10  years  off. 

•  Web  services  standards  will  progress,  but  companies 
will  restrict  projects  to  behind  the  firewall.  True  enough. 
The  standards  are  widely  accepted,  but  intercompany  Web 
services  remains  bleeding  edge  despite  acceptance  of  WS- 
Security  as  the  building  block  for  security 
•  We’ll  hear  more  about  business  impact  management, 
the  idea  of  managing  the  network  for  application  perfor¬ 
mance.  That  buzzword  has  faded  away  but  the  basic 
premise  is  alive  and  well.  Companies  such  as  BMC  and 
Mercury  Interactive  delivered  products. 

•  The  arrival  of  wireless  Ethernet  cards  that  support 
802.1  la  and  802.1  lb  will  spur  adoption  of  802.1  la  in  the 
enterprise.  We  plain  missed  the  fact  that  802.1  lg  —  com¬ 
patible  with  1  la  and  lib  —  would  cause  a  stir  in  ’03.  But 
many  customers  say  they  will  stick  with  1  lb  for  now  and 
move  to  1  la  instead  of  1  lg  because  the  latter  has  fewer 
channels  and  is  more  prone  to  interference. 

•  VoIP  vendors  will  trumpet  the  benefits  of  SIP,  which  is 
music  to  the  ears  of  customers  holding  off  on  VoIP  invest¬ 
ments.  Mostly  right. While  major  players  such  as  3Com, 
Avaya  and  Cisco  dragged  their  feet  on  offering  SIP  gear, 
Alcatel,  Mitel,  Nortel  and  Siemens  have  pushed  ahead. 

•  The  FCC  will  loosen  telecom  regulations,  the  industry 
will  start  to  invest  but  one  of  the  Bells  will  acquire 
WorldCom.  Wrong  on  all  accounts.Telco  capex  was  down 
another  21%  in  ’03,  and  WorldCom,  now  MCI,  is  still  solo. 

•  Multifunction  security  boxes  will  grow  in  popularity. 
Right  on.  Large  and  small  vendors  alike  are  hawking  appli¬ 
ances  that  combine  firewall,  intrusion  detection  and  block¬ 
ing,  Web  filtering,  spam  and  anti-virus  protection. 

•  True  10G  Ethernet  switches  will  arrive,  but  the  equip¬ 
ment  will  be  expensive  and  the  market  still  young.  Most 
vendors  deliver —  Extreme, Cisco,  Foundry,  ForcelO, 
Enterasys  —  but  the  5,000  ports  shipped,  according  to  IDC, 
represented  less  than  $100  million, a  fraction  of  the  $12  bil¬ 
lion  Ethernet  market. Young  indeed. 

•  PC-based  servers  will  continue  their  ascendancy,  with 
power  and  features  that  rival  high-end  enterprise  boxes. 
Another  layup. The  industry  is  shifting  to  commodity  com¬ 
ponents.  IDC  says  “spending  on  industry  standard  x86 
processor-based  servers  (32-  and  64-bit)  has  already  sur¬ 
passed  RISC  as  the  dominant  server  processor  platform.” 

•  Server  consolidation  will  continue  unabated  and 
blades  will  take  off.  Right  on  the  consolidation  front  any¬ 
way,  and  everyone  is  in  the  blade  game  now,  but  sales 
haven’t  exactly  skyrocketed. 

Roughly  seven  right,  depending  on  how  you  count  it.  Not 
bad.  In  January  we’ll  look  out  over  2004. 


Following  the  recent  unification  of  Yahoo’s  instant¬ 
messaging  teams,  there  was  an  erroneous  report  in 
Kevin  Tolly’s  column  “Business  1M:  Boom  or  bust?” 
(www.nwfusion.com,  DocFinder:  8925)  that  we 
would  no  longer  offer  the  Yahoo  Business 
Messenger  service. 

As  the  vice  president  of  communications  products 
at  Yahoo,  I  would  like  to  correct  this  inaccurate 
reporting  and  state  that  we  continue  to  be  commit¬ 
ted  to  developing  and  delivering  enterprise  IM  ser¬ 
vices.  The  Yahoo  Business  Messenger  service  has 
been  well  received  by  a  broad  selection  of  busi¬ 
nesses  —  from  large,  multi-national  corporations  to 
mid-sized, privately  owned  companies. We  are  proud 
to  have  a  growing  base  of  customers  that  includes 
many  familiar  names,  such  as  Clorox,  HSBC,  BEA 
Systems,  BMC  Software  and  Snap-on. 

We  continue  to  see  the  advancement  of  IM  tech¬ 
nology  as  a  means  to  assist,  secure  and  enhance  the 
communications  of  legions  of  businesses  that  have 
adopted  this  method  of  communicating  with  cus¬ 
tomers,  partners  and  colleagues.  By  unifying  our  IM 
teams,  we  now  have  a  greater  concentration  of 
resources  to  assist  us  in  our  endeavors  to  deliver 
more  innovative  business-messaging  services. 

We  remain  dedicated  to  the  future  of  Business 
Messenger  and  regard  it  as  a  key  communications 
service  that  businesses  will  use  for  a  long  time. 

Brad  Garlinghouse 
Vice  president,  communications  products 

Yahoo 
Sunnyvale,  Calif. 

Tolly  responds.  lt  is  apparent  that  I  drew  incorrect  con¬ 
clusions  in  analyzing  several  ofYahoo ’s  recent  actions 
related  to  its  Enterprise  Software  division.  /  apologize 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 1 8  Turnpike  Road,  Soulhborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


Ready  for  prime  time 

Regarding  the  story  “Red  Hat  drops  free  Linux” 
(DocFinder:  8926):This  is  a  milestone  for  the  Linux 
community.  Red  Hat  is  obviously  confident  that  the 
operating  system  is  stable  and  support  is  mature  to 
justify  payment.  This  also  will  help  IT  managers 
who  want  to  switch  from  Microsoft  platforms  to 
convince  CFOs  the  product  is  ready 

Tom  Tinsley 
Lemont.Ill. 

Relationship  update 

Regarding  the  story  “How  far  can  we  go?”  (Doc¬ 
Finder:  8927),  in  which  Nike’s  past  software  issues 
with  i2  Technologies  is  cited:  While  there  isn’t  any¬ 
thing  factually  incorrect  within  the  story,  I  want  to 
update  readers  on  the  i2-Nike  relationship. 

Despite  the  past  incident,  Nike  has  renewed  its 
partnership  with  i2  and  continues  to  use  i2  as  its 
sole  supplier  of  supply-chain  and  demand-fore¬ 
casting  software.  A  Nike  executive  recently  was 
elected  to  the  i2  board  of  directors. 

Melanie  Ofenloch 
Vice  president, corporate  communications 

i2  Technologies 
Dallas 

Let's  all  get  along 

I’m  offended  by  your  story  on  women  in  security 
(“Breaking  the  glass  firewall,”  DocFinder:  8928)  and 
the  gender  bias  associated  with  it. This  type  of  story 
only  manages  to  build  even  more  barriers  between 
men  and  women.Why  can’t  we  all  just  work  togeth¬ 
er  for  a  common  solution? 

Frederick  Montney 
Newark,  Del. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder:  8921 
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INTRANET  ADVISER 

Daniel  Blum 

Shaping  federation  standards 

^B  ederation  standards,  which  allow  single 
^B  sign-on  and  account  linking  across  dis- 
t?  parate  security  domains,  will  change 
authentication  and  authorization  by  creating 
more  scalable  models  for  identity  manage¬ 
ment.  Security  Assertion  Markup  Language 
1.1  is  a  safe  bet  for  companies  that  want  to 

8924),  WS-*  security  specifications  need  to  fulfill  Microsoft  and  IBM’s 
promise  to  establish  their  specifications  as  royalty-free  works  with  rea¬ 
sonable,  non-discriminatory  licensing.  Judging  by  a  recent  letter  to 
OASIS  from  IBM,  the  vendors  are  jockeying  for  position  to  do  just  that. 

IBM’s  letter  does  not  mention  bringing  WS-*  in  OASIS.  Instead,  it 
expresses  concern  that  the  SAML  2.0  effort  is  too  broad  and  that  iden¬ 
tity  federation  should  be  addressed  in  a  token-independent  manner  by 

The  convergence 
that  customers 
demand  can 
begin  now. 

reap  federation  benefits  such  as  reduced  password-related  costs  and 
new  applications.  Longer  term,  however,  additional  standards  will  be 
needed  for  full  identity  federation. 

Three  organizations  are  determining  the  shape  of  federation  stan¬ 
dards:  the  Organization  for  the  Advancement  of  Structured  Information 
Standards  (OASIS), the  Liberty  Alliance, and  a  vendor  consortium  dom¬ 
inated  by  Microsoft  and  IBM  to  create  specifications  for  an  enhanced 
Web  service  framework  (WS-*). 

The  OASIS  Security  Services  Technical  Committee  (SSTC)  has  crafted 
a  document  that  outlines  plans  for  defining  SAML  2.0.  Basically  SAML 
2.0  will  fill  in  SAML  1.1  gaps  such  as  lack  of  session  management  and 
single  logout,  and  also  merge  SAML  with  Liberty  Alliance  Identity 
Federation  Framework  for  opt-in  account  linking  across  sites. 

Meanwhile,  the  Liberty  Alliance  has  just  published  its  Phase  2  specifi¬ 
cations  for  permission-based  attribute  sharing.  Phase  3  will  address 
ways  for  identity-dependent  services  such  as  presence  and  calendars 
to  leverage  Liberty’s  work.  On  the  other  hand,  WS-*  defines  a  WS- 
Federation  specification  that  is  basically  compatible  with  SAML  but 
conflicts  with  the  Liberty  Alliance. 

As  1  wrote  in  an  earlier  column  (see  www.nwfusion.com,  DocFinder: 


another  OASIS  committee. 

The  OASIS  SSTC  chairpeople  have  replied  to  IBM,  indicating  they 
might  welcome  formation  of  a  new  OASIS  technical  committee  to 
address  broader  federation  issues,  but  want  to  continue  to  build  out 
SAML  2.0  as  planned.  As  the  SSTC  points  out,  SAML  is  becoming  wide¬ 
ly  deployed  by  large  enterprise  customers,  which  are  urging  OASIS  to 
unify  disparate  SAML-based  approaches  into  a  single  framework.  The 
SSTC  is  responding  to  these  market  forces  and  has  devised  a  plan  for 
meeting  market  needs  within  a  short  timeline. 

But  longer  term,  the  industry  needs  Microsoft’s  Longhorn,  IBM 
WebSphere,  and  future  WS-*  based  offerings  to  interoperate  with  SAML 
2.0  and  address  needs  outside  of  SAML’s  scope. If  IBM  and  Microsoft  put 
WS-*  components  into  OASIS  in  the  near  future,  these  works  soon  will 
have  the  blessing  of  an  open  standards  community  and  crossoverwork 
can  occur  with  SAML  2.0.  The  convergence  that  customers  demand 
can  begin  now. 

Blum  is  senior  vice  president  and  research  director  with  Burton  Group, 
an  integrated  research,  consulting  and  advisory  service.  He  can  be 
reached  at  djb-feedback@earthlink.com. 


REALITY  CHECK 

Thomas  Nolle 


1  hy  would  you  want  to  use  a  VPN? 
Chances  are  you  don’t  have  an  appli¬ 
cation  that  demands  VPNs  because 
VPNs  are  largely  a  way  to  use  IP  networks  to 
provide  services  that  otherwise  you’d  get  from 
frame  relay  ATM  or  even  leased  lines.Teil  the 
truth  —  it’s  all  about  money  VPNs  are  attrac¬ 
tive  because  they’re  less  expensive  than  other  network  service  options. 
That’s  why  carriers  in  2004  will  be  scrambling  to  offer  users  something 
beyond  VPNs  to  raise  profits. 

The  easiest  value  to  add  is  another  Open  Systems  Interconnection 
layer  —  routing.  Layer  3  VPNs  are  not  virtual  wires,  but  little  virtual 
router  networks.  A  single  VPN  tunnel  reaches  not  just  one  partner  site, 
but  all  sites,  via  a  virtual  router  embedded  in  the  VPN. This  lets  carriers 
charge  a  premium  for  the  service,  which  is  covered  by  the  fact  that  the 
customer  then  spends  less  on  enterprise  routers  and  their  support. 

Unfortunately,  even  layer  3  VPNs  haven’t  set  the  world  on  fire.They’re 
a  form  of  “managed  service, ’’and  traditionally  users  have  been  reluctant 
to  trust  their  carriers  —  even  less  so  when  some  of  them  are  in  Chapter 
1 1  bankruptcy  or  ’fessing  up  to  accounting  irregularities.  Most  prob¬ 
lems  with  VPNs  derive  from  the  fact  that  these  services  usually  are  tar¬ 
geted  at  existing  mission-critical  data  applications,  which  makes  trust¬ 
worthiness  a  key  concern  with  buyers.  Why  not  target  them  elsewhere? 

One  idea  floating  around  the  regional  Bell  operating  company  com¬ 
munity  is  the  notion  of  a  “parallel  VPN,”  built  on  DSL  offerings  at  branch 
locations  and  Ethernet  access  at  headquarters.  This  VPN  wouldn’t  be 
used  to  replace  current  leased-lines  or  frame  relay  services  for  critical 
applications  like  bank  branch  transaction  processing,  but  rather  to 
offload  email,  intranet  and  other  applications. Verizon  already  bundles 
interstate  service  somewhat  like  this  in  what  it  calls  “DSL  Transport.” 
Some  RBOC  planners  hope  this  kind  of  service  will  provide  a  low 
threshold  entry  into  big  corporations  and  that  experience  with  the  ser¬ 
vice  will  convince  buyers  to  shift  all  their  traffic  to  it. 


Preparing  for  life  beyond  VPNs 


The  parallel  VPN  also  might  be  a  bridge  into  even  more  interesting 
opportunities.  If  a  layer  3  VPN  is  based  on  virtual  routers,  why  not  start 
adding  “virtual  servers”  as  well?  A  carrier  could  offer  familiar  services 
such  as  Exchange  hosting,  but  also  branch  out  into  application  hosting 
in  general  and  eventually  even  something  exotic  such  as  grid  comput¬ 
ing.  Major  hardware  and  software  vendors,  including  IBM  and 
Microsoft,  are  promoting  the  idea  of  service-oriented  computing,  and 
their  efforts  might  make  users  more  comfortable  with  outsourcing  not 
just  network  hardware  but  perhaps  applications  or  even  data  centers. 

For  many  the  idea  of  carriers  evolving  to  become  computing  out¬ 
sourcers  might  seem  bizarre,  but  it  might  be  the  only  way  carriers  can 
survive  without  re-regulation.  While  extremely  low-cost  bandwidth 
would  transform  many  aspects  of  business  and  even  society  there  still 
has  to  be  a  profit  model  behind  the  process  of  network  building  or  it 
won’t  progress  very  far.  If  carriers  can  become  players  not  just  in  con¬ 
nection  and  transport  but  also  in  services,  they  stand  a  good  chance  of 
getting  the  money  they  need  to  modernize  our  networks. 

They  won’t  be  without  competitors,  however.  Already  players  such  as 
Equinix  are  quietly  transforming  themselves  into  repositories  of  net¬ 
work-resident  application  storage  and  computing,  and  the  nomcarrier 
players  in  this  market  have  the  advantage  of  being  better  marketers. 

Still, the  advantage  carriers  have  is  that  their  infrastructure  and  service 
plans  will  drive  whatever  revolution  finally  occurs.  Non-carrier  players 
must  sit  back  and  hope  that  access  and  transmission  prices  fall  radi¬ 
cally  but  that  the  carriers  that  let  this  decline  happen  are  helpless  to 
exploit  it.  That’s  a  reasonable  hope  for  established  players  with  nice 
cash  positions,  but  probably  too  risky  to  permit  new  players  to  start  up. 
Service-oriented  computing  as  a  network  revenue  source  is  an  incum¬ 
bent’s  game.  The  good  news  is  that  regardless  of  who  offers  services 
beyond  basic  VPNs,  the  user  might  end  up  the  winner. 


For  many,  the 
idea  of  carriers 
evolving  to 
become  comput¬ 
ing  outsourcers 
might  seem 
bizarre. 


Nolle  is  president  of  CIMl,  a  technology  assessment  firm  in  Voorhces, 
N.J.  He  can  be  reached  at  (856)  753-0004  or  tnolle@cimicorp.com. 
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Does  your  remote  access 
solution  leave  your 
users  stranded? 


access.  Using  an  application-  and  protocol-independent 
architecture,  Permeo  allows  administrators  to  quickly 
and  easily  extend  controlled  access  to  any  web  or  local 
application  -  not  just  web-mail  and  some  client-server 
applications.  This  unparalleled  application  support 
is  done  without  deploying  any  client-side  software! 


Permeo  recognizes  that  many  of  today's  remote  access 
problems  result  from  extending  the  network  to  users  when 
they  only  need  access  to  their  applications.  Yet  today's 
solutions  often  force  you  to  choose  between  extending  the 
network  for  a  true  "in-office"  user  experience  and  allowing 
limited  access  to  web  apps  and  email. 


Permeo  understands  that  your  remote  access  needs 
don't  necessarily  fit  into  a  single  category  -  they  are 
diverse,  dynamic,  and  often  unpredictable.  Many  users 
need  access  to  all  local  desktop  applications  while  others 
may  need  just  local  or  web-based  email  access. 


The  Permeo  solution  also  delivers  unmatched  security. 
Permeo's  unique  approach  establishes  an  individual 
SSL  tunnel  for  each  application  -  there  is  no  loopback 
address  or  other  unattended  backdoor  into  your  network! 

Used  by  more  than  30%  of  the  Global  100,  Permeo 


You  should  be  able  to  meet  all  of  your  remote  access  products  enable  a  diverse  set  of  secure  application 


access  solutions,  from  remote  access  to  outbound 
access  to  wireless  LAN  access.  The  patented 
technology  provides  out-of-the-box  support  for  all 
TCP  and  UDP  applications  -  including  SIP,  homegrown, 
and  legacy  apps.  Permeo’s  proven  solution  delivers 
enterprise-class  scalability,  toad  balancing,  and  failover. 


needs  with  one  product  that  provides  the  rich  application 
support  of  IPSec  VPNs  and  the  clientless,  security,  and 
administrative  benefits  of  SSL  VPNs.  Permeo  agrees. 


Permeo™  Application  Security  Gateway  uses  breakthrough 
technology  that  sets  the  new  standard  in  SSL  remote 


Visit  www.permeo.com/nww  to  download  a  free 
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Permeo  and  the  Permeo  logo  are  trademarks  of  Permeo  Technologies,  Inc.  in  the  United  States 
and  other  countries.  Some  product  names  and  logos  contained  herein  are  trademarks  or 
registered  trademarks  of  their  respective  companies.  Permeo  is  dedicated  to  constant  product 
improvement;  therefore,  specifications  are  subject  to  change  without  notice.  While  it  is 
believed  that  the  information  in  this  document  is  accurate,  no  warranties  are  created.  Some 
of  the  functions  or  features  referred  to  in  this  document  may  be  priced  or  sold  separately. 
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•*  By  Elisabeth  Horwitt 

In  the  late  1990s,  with  the  rise  of  mobile  comput¬ 
ing,  more  and  more  companies  began  eyeing  Virtual 
Private  Networks  (VPNs)  as  a  means  of  getting  their 
remote-access  telecom  costs  under  control.  At  that 
time,  "road  warriors"  could  easily  rack  up  hundred- 
dollar  phone  charges  just  to  access  their  email  and  a 
few  files  from  a  foreign  hotel.  VPN,  which  uses 
encryption  and  IP-based  authentication  to  set  up  a 
secured  connection  over  the  Internet,  allowed  mobile 
workers  to  log  on  to  the  corporate  network  at  the  cost 
of  a  local  dial-up  call. 

This  led  to  a  huge  improvement  in  worker  produc¬ 
tivity,  since  users  could  now  work  with  the  same  com¬ 
puting  resources  they  had  at  their  own  desktops— 
without  breaking  the  telecom  budget.  In  1999, 
Telechoice  reported  that  VPN  was  saving  companies 
between  30%  and  70%  for  remote  access,  compared 
with  traditional  remote-access  servers  or  dial-up 
connections.  The  US  VPN  market  had  a  compound 
annual  growth  rate  of  54.6%  from  1997  to  2002, 
according  to  research  firm  IDC. 

However,  the  older  VPN  technology,  which  is 
based  on  the  IPSec  security  standard,  hasn't  kept  up 
with  the  rapidly  changing  mobile  computing  market, 
not  to  mention  an  increasingly  diverse  set  of  mobile 
computing  devices  and  remote  access  options  for 
users  on  the  go. 

Now,  VPN  is  moving  into  a  new  phase  of  its  evo¬ 
lution,  as  more  and  more  enterprises  migrate  to 
VPNs  based  on  Secure  Socket  Layer  (SSL).  SSL  picks 
up  where  IPSec  leaves  off,  enabling  enterprises  to 
further  cut  costs  and  boost  worker  productivity  as 


their  remote-access  installations  continue  to  grow  and 
diversify.  And  enterprise  business  decision  makers  are 
beginning  to  recognize  this:  Researchers  at  Yankee 
Group  predict  that  the  SSL  VPN  market  in  the  US  will 
go  from  about  $100M  in  2003  to  around  $900M  in 
2007. 

A  Look  Under  the  VPN  Hood 

SSL  and  IPSec  VPNs  both  handle  outgoing  traffic 
through  a  server  device  that  typically  sits  in  the  "DMZ" 
zone  between  the  corporate  network  and  the  firewall. 
The  server  takes  care  of  authenticating  the  client, 
encrypting  traffic,  and  sending  it  as  https  traffic  over 
a  tunneled  Internet  connection. 

However,  while  IPSec  VPN  requires  special  soft¬ 
ware  to  be  installed  on  each  user  client,  or  "end¬ 
point,"  SSL  VPNs  make  use  of  security  software  that's 
a  standard  feature  on  all  leading  browsers.  This 
makes  the  newer  VPN  technology  far  easier  to  admin¬ 
ister,  and  far  more  flexible  in  terms  of  how,  and  from 
where,  users  can  set  up  a  remote  access  link. 

New  York-based  Cleary,  Gottlieb,  Steen  &  Hamilton 
implemented  SSL  VPN  in  the  summer  of  2002.  "Our 
attorneys  travel  all  over  the  world,  and  they  don't  stop 
working  when  they're  on  vacation,"  says  Philip  E. 
Catelinet,  senior  network  analyst  at  the  international 
law  firm.  "They  need  to  be  able  to  check  their  email 
or  download  a  file  from  wherever  they  happen  to  be." 
Security  is  also  a  top  priority,  especially  when  an 
attorney  is  calling  in  from  a  client's  office. 

The  SSL  VPN  platform  integrates  with  the  firm's 
existing  authentication  infrastructure,  so  attorneys  can 
log  onto  the  Web-based  system  with  their  regular  user 
names  and  passwords.  Web-based  tools  make  the 

system  easy  to  manage, 
Catelinet  adds,  "and  we're 
very  comfortable  with  the 
security." 

A  lot  of  enterprises  are 
migrating  to  SSL  VPN 
because  their  IPSec  SSL 
installations  are  proving 
too  costly  to  administer 
and  maintain,  particularly 
on  the  client  side.  SSL 
VPN  costs  about  half  as 
much  to  manage  as 
IPSec,  according  to  Zeus 
Kerravala,  vice  president 
of  enterprise  infrastruc¬ 
ture  at  Yankee  Group. 

Initial  deployment  of  a 
basic  SSL  VPN  network, 
with  full  application  sup¬ 
port,  takes  two  to  three 
hours,  says  Bill  Strub,  CTO 


at  Denver-based  security  systems  integrator  Accuvant, 
Inc.  IPSec  VPN  takes  about  the  same  amount  of  time 
to  configure  the  server,  but  requires  client  software 
deployment  and  training  for  every  user.  SSL  VPN, 
in  contrast,  makes  use  of  existing  browsers,  "so  no 
training  is  necessary,"  he  adds. 

How  long  it  takes  to  deploy  IPSec  VPN  client  soft¬ 
ware  depends  a  lot  on  users'  travel  schedules,  Strub 
notes.  "If  I  can  get  them  all  together  and  go  through 
it  one  time,  I  can  take  care  of  their  (training)  needs  in 
45  minutes  to  two  hours,  depending  on  the  types  of 
questions  they  ask." 

If  enough  laptops  can  be  plugged  into  the  corpo¬ 
rate  LAN  at  the  same  time,  automated  tools  can 
deploy  the  IPSec  client  as  a  batch  job,  Strub  says.  But 
if  users  are  on  the  road  a  lot,  the  job  could  take  weeks. 

Access  Issues 

SSL  VPN  also  gives  users  far  more  freedom  in 
terms  of  where  and  how  they  access  corporate 
resources.  Any  device  with  a  browser  will  do:  a  PC  at 
a  business  partner's  site,  a  hotel  laptop,  an  airport 
kiosk. 

"A  couple  of  years  ago,  we  noticed  that  a  lot  of  our 
clients  were  doing  Web-based  email  access,"  says  John 
Pescatore,  vice  president  of  Internet  security  at  research 
firm  Gartner  Inc.  "These  companies  wanted  their  users 
to  be  able  to  pick  up  email  from  anywhere,  using  what¬ 
ever  computer  was  available— not  just  a  computer  that 
happened  to  be  fitted  with  IPSec  software." 

Access  from  the  road  via  IPSec  VPNs  can  not  only 
be  more  restricted  compared  with  SSL  VPN,  it  can 
also  be  more  expensive.  Hotels  tend  to  charge  more 
for  IPSec  VPN  traffic,  says  Strub.  One  hotel  he  stayed 
at  recently  charged  $19.95  per  day  for  IPSec,  and 
$9.95  per  day  for  regular  browser  access,  he  reports. 

Furthermore,  IPSec  VPN  users  can  have  technical 
and  policy-related  difficulties  connecting  out  through 
somebody  else's  private  network. 

"The  vast  majority  of  our  people  use  SSL  VPN 
(remote  access),  because  they're  often  at  a  client  site," 
says  Larry  Quinlan,  CIO  for  Deloitte  Consulting  in 
New  York.  "In  most  cases,  they  wouldn't  be  able  to 
get  out  through  the  client's  firewall  using  IPSec  SSL." 
This  is  because  IPSec  works  at  the  network  layer,  while 
SSL  works  at  the  application  layer. 

And  while  most  organizations  permit  an  SSL  VPN's 
https  browser  traffic  out  of  their  sites,  many  have  secu¬ 
rity  issues  with  setting  up  a  direct  connection  between 
their  private  network  and  somebody  else's  network- 
even  if  that  someone  is  a  trusted  partner. 

IPSec  VPN's  network-level  access  can  raise  security 
concerns  for  the  user's  parent  company  as  well.  "With 
IPSec,  you  create  a  tunnel  inside  the  corporate  fire¬ 
wall,"  says  Gartner's  Pescatore.  "If  a  hacker  manages 
to  install  software  to  take  control  of  a  laptop  with  an 
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Key  Assumptions: 

•  Growth  of  IP  services  abroad,  and  in  general,  managed  data  network  services  will  contribute  to  robust  growth 
of  IP  VPN. 

•  Revenue  includes  circuit  costs,  security  feature,  and.  as  available,  managed  services. 

•  Circuit  costs  will  match  private  line  circuit  costs  over  the  forecast  period. 

Message  in  the  Data: 

•  IP  VPN  services  will  soar  from  almost  $2.2  billion  in  2000  to  over  $21  billion  in  2005. 

Source:  IDC.  2001 


Y*« 


FIREPASS* 

SECURE  REMOTE  ACCESS 


Calculating  the  risks  and  rewards  of  secure  remote  access  can 
be  challenging.  For  a  solution  that's  simply  better,  count  on 
FirePass,  the  SSL  VPN  appliance  from  F5. 

Firepass  is  a  powerful  solution  that  gives  your  users  remote 
access  to  critical  applications  and  data  from  any  Web-enabled 
device  or  location  —  without  compromising  the  security  of 
your  network. 


FirePass  provides  easy,  secure,  and  reliable  remote  access. 

•  Extends  secure  remote  access  to  anyone  connected  to  the 
Internet  with  the  broadest  application  access  of  all  SSL-VPN 
solutions. 

•  Adapts  client  security  to  ensure  client  integrity  by  deleting 
temp/cache  files  on  public  kiosks  and  checking  for  active 
virus  scan  and  firewall  programs  on  corporate  laptops. 

•  Offers  flexible  authentication  against  a  variety  of  authentica¬ 
tion  servers,  and  supports  two-factor  authentication  for  more 
stringent  security. 

•  Controls  the  level  and  application  access  based  on  type 
of  user  and  device. 

•  Reduces  deployment  and  maintenance  costs  because 
pre-installed  client  software  and  application  updates 
are  not  required. 


Now  employees,  customers,  and  partners  can  securely 
access  authorized  applications  frohl  'any  Web-enabled  device 


at  any  location. 


Simply  put,  it's  better. 


Learn  more  with  a  FREE  guide  Urbane  remote  access  and 
an  online  demo.  Visit  www.fS.com/bettor-QW or 


call  1-866-543-9373 
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From  Simple  Building  Blocks  to  Carrier  Grade  Solutions... 

Whether  your  application  is  Campus  Enterprise,  Cable  MSO  or  Metro  Access,  MRV  has  a  flexible 
optical  solution  that  fits  within  your  budget.  Our  CWDM  and  DWDM  systems  help  you  increase 
your  bandwidth  capacity,  or  offer  wavelength  services  —  from  T1/E1  to  OC-48,  and  any 
Ethernet  or  Storage  protocol.  ♦  We  provide  solutions  from  'do-it-yourself  WDM  with  our 
pluggable  optics  (SFP  &  GBIC)  -  including  digital  diagnostics,  a  powerful  management  tool  at 
the  optical  interface  level  -  all  the  way  to  full-size  modular  systems  with  64  DWDM 
wavelengths.  ♦  Since  1988,  we  have  provided  connectivity  solutions  for  networks  that  scale 
in  size,  speed,  distance  and  complexity.  In  fact,  some  of  the  world's  largest  networks  rely  on 
our  switches,  routers,  optical  transport  systems  and  remote  presence  equipment. 

Turn  to  us  for  your  Connectivity  Unlimited ™  needs 

mrv.com/nwdm 


Let  MRV  Build  Your  WDM  Network 


Carrier  DWDM 


The  names  of  actual  companies  and  logos  mentioned  herein  may  be  trademarks  of  their  respective  owners. 
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The  right  tools  for  your  network  needs 


NETWORK 
MANAGEMENT 
TOOL  BOX 


■  BY  BARRY  NANCE,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 


echanics  who  diagnose  and  fix  Airbus  aircraft  have  specific  tools  for  fix¬ 
ing  the  engines.  Mechanics  for  Boeing  aircraft  have  somewhat  different 
tools.  Even  United  Airlines  and  American  Airlines  have  somewhat  different 
tools  and  test  equipment  for  working  on  a  particular  model  of  aircraft. 


You  can  view  your  own  network 
in  the  same  way.  Your  company’s 
tools  and  test  equipment  might  be 
very  different  from  another  compa¬ 
ny’s,  even  though  the  two  compa¬ 
nies’  networks  might  bear  more 
than  a  slight  resemblance.  Getting 
the  right  tool  for  the  job  is  a  matter 
of  judging  your  company’s  specific 
network  needs  (and  budget)  and 
finding  solutions  that  meet  your 
requirements. 

In  that  sense,  we  decided  to  take  a 
roundup  look  at  a  set  of  diverse 
tools  to  help  you  find  the  right  one 
for  your  network.  Our  eclectic  mix 
consisted  of  WhatsUp  Gold  8.0, 
from  Ipswitch;  UniCenter  Applica¬ 
tion  Performance  Monitor  3.5,  from 
Computer  Associates;  VitalStats  2.0  from 
WebMetrics;  PacketLogic  3.2.3  from 
Netlntact;  NetCrunch  2.3  from  AdRem 
Software;  and  OpalisRobot  4.0  from 
Opalis  Software. 

There  are  no  winners  or  losers  in  this 
review,  just  good  points  and  bad  points, 
plus  the  realization  that  sometimes  the 
best  crowbar  is  a  hammer,  and  some¬ 
times  the  best  hammer  is  a  crowbar. 
These  tools  are  just  different  ways  of 
getting  different  jobs  done. 

WhatsUp  Gold 

WhatsUp  Gold  is  a  highly  useful  tool 
on  small  and  midsize  networks.  Its 
quick  and  accurate  discovery  process 
and  informative  status  and  availability 
charts  are  a  godsend  to  administrators 
who’ve  struggled  to  improve  availability 
and  uptime  by  hand,  without  an  auto¬ 
mated  monitoring  tool. 

WhatsUp  Gold’s  designers  have 
made  several  improvements  to  the 
monitoring  and  alerting  tool  since  we 
last  reviewed  it  in  the  fall  of  2000. 
WhatsUp  Gold  now  can  restart  failed 
Windows  services  if  you  instruct  it  to 
monitor  those  services,  can  export 
data  in  XML  format  and  has  a  user 
interface  that’s  more  responsive  and 
more  intuitive. 

But  there  are  still  some  limitations. 
WhatsUp  Gold  doesn’t  offer  graphical 
Management  Information  Base  walk¬ 
ing,  nor  does  it  offer  usage  baselines  for 


WhatsUp  Gold  lets  you  monitor  multi-site  WAN  links. 

device  behaviors.  Except  for  the  ability 
to  restart  failed  Windows  services, 
WhatsUp  Gold  doesn’t  have  a  corrective 
action  feature  and  thus  can’t  run  a  pro¬ 
gram  or  interpret  a  script  that  you  spec¬ 
ify  to  have  a  self-healing  network. 

Furthermore,  its  network  map  lacks 
symbols  for  such  basic  items  as  switch¬ 
es,  DSU/CSUs  and  telco  interfaces,  and  it 
has  a  Windows  NT  icon  but  not  a 
Windows  2000  icon.  Choosing  the  tool’s 
Status  display  produces  a  garish,  unin¬ 
formative  window  that  only  becomes 
partly  useful  when  you  put  the  tool  into 
“mini-status”  mode.  WhatsUp  Gold  then 
shrinks  into  a  color-coded  (green 
means  OK,  red  means  problems)  status 
bar  that  you  can  move  to  the  corner  of 
your  screen. 

WhatsUp  Gold  is  simple  and  unclut¬ 
tered,  has  a  good  autodiscovery  func¬ 
tion,  uses  Internet  Control  Messaging 
Protocol  (ICMP)  pings  at  a  time  interval 
you  specify  in  a  straightforward  to 
check  the  network’s  health  and  pro¬ 
duces  helpful  reports.  If  you  prefer, 
WhatsUp  Gold  can  use  IPX  or  NetBIOS 
packets  to  monitor  a  device. 

Autodiscovery,  which  Ipswitch  terms 
SmartScan,  is  impressive.  It  uses  SNMP 
requests  and  data  from  router  tables  to 
find  network  devices  quickly  and  accu¬ 
rately.  In  our  tests,  SmartScan  turned  its 
hierarchical  connectivity  data  into  a  set 
of  separate  subnet  maps  instead  of 
drawing  one  map  containing  all  de¬ 


vices.  An  alternate  but  equally 
accurate  discovery  process  uses  a 
configurable  combination  of  Net¬ 
work  Neighborhood  exploitation, 
ICMP  pings,  Hosts  file  entries  and 
Windows  Registry  data. 

At  intervals,  WhatsUp  Gold  polls 
the  network  to  collect  device  sta¬ 
tus  information.  It  also  tracks  net¬ 
work  traffic  associated  with  Simple 
Mail  Transfer  Protocol  (SMTP), 
HTTP  DNS,  FTP  POP3,  Internet 
Message  Access  Protocol,  telnet 
and  other  common  services.  It 
includes  ping,  port  scanning  and 
throughput  utilities. 

The  software  can  notify  adminis¬ 
trators  of  problems  via 
e-mail  or  pager.  Setting 
up  an  e-mail  alert  that  told  us 
of  unavailable  devices  and 
showing  the  last  several  lines 
of  the  Windows  NT  event  logs 
took  just  a  few  minutes  to 
configure.  The  product’s  net¬ 
work  event  and  statistics  re¬ 
ports  are  useful  for  tracking 
device  and  service  outages. 

The  interactive  Web  page 
interface  was  a  joy  to  use  and 
encompassed  all  the  func¬ 
tions  of  the  Win32  native 
interface. For  example,  it  let  us 
check  the  status  of  any  net¬ 
work  device  from  a  remote  location, 
using  only  a  dial-up  connection  and 
Web  browser. 

WhatsUp  Gold  has  come  a  long  way 
from  its  simple  beginnings  as  a  free¬ 
ware  download.  It’s  a  reliable  monitor¬ 
ing  tool  that  administrators  of  small  and 
midsize  networks  can  quickly  begin 
using  without  a  lot  of  training. 

■Bottom  line 

WhatsUp  Gold  8.0 

Company:  Ipswitch,  (781)  676-5700, 
www.ipswitch.com  Cost:  Starts  at  $1,090 
with  annual  service  agreement.  Pros: 
Accurate  discovery  of  devices;  useful 
status  charts.  Cons:  Can’t  run  a  program 
or  script  to  correct  a  problem.  Best  suited 
for:  A  small  to  midsize  company  whose 
network  administrators  prefer  simplicity. 


Application  Performance  Monitor 

Tracking  application  response  times 
with  CA’s  Application  Performance 
Monitor  (APM)  is  more  accurate  and 
less  labor-intensive  than  using  a  stop¬ 
watch.  It’s  an  excellent  tool  for  measur¬ 
ing  formal  service-level  agreements 
regarding  acceptable  response  times. 
Less  formally  it’s  a  good  way  to  keep 
developers  honest  when  a  software  ven¬ 
dor  or  group  of  your  programmers  has 
promised,  for  example,  sub-2-second 
response  times  for  a  new  application  or 
transaction  subsystem. 

APM,  a  UniCenter  component  that’s 
separately  available  from  CA,  monitors 
response  times  by  detecting  the  begin¬ 


ning  and  ending  network  events  associ¬ 
ated  with  a  transaction.  Its  agent  mod¬ 
ule  collects  the  benchmark  timings  in  a 
local  data  store  throughout  the  day. 
Periodically,  all  the  agents  send  the 
resulting  statistics  to  the  central  APM 
Manager.  Except  for  Web-based  applica¬ 
tions, you  have  to  install  the  agent  mod¬ 
ule  on  each  client.  Fortunately,  the  agent 
installation  is  simple  and  takes  just  a 
few  moments.  For  Web-based  applica¬ 
tions,  APM  works  on  the  Web  server  to 
gather  response  time  data.  CA  ships  an 
extensive  knowledgebase  of  transac¬ 
tion  detection  triggers  for  applications 
such  as  Microsoft  Exchange  and 
SAP/R3,  but  you’ll  have  to  get  your 
hands  dirty  with  the  technical  details  of 
your  company’s  network  transaction 
messages  if  you  want  to  monitor  cus¬ 
tomized  software.  We  found  setting  up 
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knowledgebase  entries  for  unique  trans¬ 
actions  to  be  technically  challenging  at 
first,  but  fairly  easy  once  we  understood 
the  process.The  lack  of  good  documenta¬ 
tion  on  the  topic  means  you’ll  suffer 
through  some  trial  and  error  before  you 
get  it  right. 

APM  also  includes  a  Transaction  Server 
module  for  recording  and  later  replaying 
a  transaction’s  events  and  messages. 
Transaction  Server  stores  transactions  in 
the  form  of  JavaScript  or  VBScript  pro¬ 
grams,  whose  replay  you  can  schedule  to 
occur  when  you  like. 

APM’s  Web  Reporting  Server  can  pro¬ 
duce  several  browser-based  reports  in 
four  categories:  Alerts,  Applications, 
Clients  and  Servers.  Different  types  of  re¬ 
ports  are  available  —  Enterprise  Reports 
summarize  data  from  all  agents;  Group 
Reports  reveal  results  for  certain  comput¬ 
ers;  Host  Reports  show  information  from 
a  specific  agent;  and  User  Reports  provide 
information  based  on  Windows  logon 
user  names.  In  addition  to  the  pre-config- 
ured  reports  in  each  category,  the  Web 
Reporting  Server  has  report  templates 
that  make  creating  your  own  custom 
reports  a  breeze.  Scheduling  the  produc¬ 
tion  of  the  reports  is  similarly  easy. 

APM  also  includes  a  handy  Data  Viewer 
diagnostic  tool  for  connecting  to  an  agent 
to  see  real-time  transaction  statistics. 

■  Bottom  line 

UniCenter  Application  Performance 
Monitor  3.5 

Company:  Computer  Associates,  (800)  225- 
5224,  www.ca.com  Cost:  Starts  at  $7,500  per 
server.  Pros:  Excellent,  customizable  reports. 
Cons:  Doesn't  detect  JavaScript  operations. 
Best  suited  for:  A  company  with  in-house 
programmers  who  need  to  make  applications 
more  responsive. 


VitalStats 

With  one  minor  exception, VitalStats  was 
a  no-brainer  to  use  in  the  lab.  A  service, 
VitalStats  consists  of  WebMetrics  (the 
company)  monitoring  one  or  more  of 
your  Internet-accessible  servers  for  prob¬ 
lems  with  network  connectivity,  CPU 
usage,  memory  and  hard  disks.  In  our 
tests,  we  used  the  service  to  keep  an  eye 
on  a  Microsoft  Internet  Information  Ser¬ 
vice  machine. 

A  VitalStats  software  agent  that  you  install 
on  a  Web  server  communicates  at  5-minute 
or  1 -minute  intervals  with  one  of  Web- 
Metrics’  points  of  presence.  We  tested  the  5- 
minute  monitoring  service.  The  software 
agent  sends  server  utilization  statistics  to 
WebMetrics,  which  collects  the  utilization 
figures  and  presents  them  as  graphical 
charts  and  log  files  that  you  can  view  when 
you  log  on  to  WebMetrics’ Web  site. 

If  the  central  WebMetrics  monitoring 
software  detects  a  problem,  such  as  serv¬ 
er  resource  overutilization  or  communi¬ 
cations  failure,  it  sends  e-mails  or  it  can 
page  you. 

An  e-mailed  alert  might  contain  the  mes¬ 
sage, "Page  download  time  exceeded  time¬ 


out  of  30  sec”  or  “Can’t  get  page 
http://(your  IP  address)/  Scripts/ 
vital2000.v2.0.exe,”  followed  by  a 
traceroute  display  of  the  network 
links  between  WebMetrics’  site 
and  yours.  At  its  Web  site, 
WebMetrics  can  show  you  perfor¬ 
mance  graphs  for  specific  time 
periods. 

We  encountered  a  minor  stum¬ 
bling  block  during  installation. 
WebMetrics  sends  a  software 
agent  to  each  new  customer,  and 
a  network  administrator  installs 
the  agent  by  placing  it  in  the  Web 
server’s  Scripts  directory  and 
making  that  directory  Internet- 
accessible.  Unfortunately  we  had 
“hardened”  the  Web  server  by 
installing  Microsoft’s  URLScan, 
applying  all  current  security 
patches  and  deleting  unnecessary  directo¬ 
ries.  We  had  to  put  the  software  agent  in  a 
new  directory  publish  the  new  directory 
on  the  Internet  via  Windows  Server’s 
Internet  Services  Manager  and,  after  log¬ 
ging  on  to  WebMetrics’  main  site,  configure 
WebMetrics’  central  monitoring  software 
to  “see”  the  new  directory 

WebMetrics  offers  specific  services  for 
Web  servers,  database  servers  and  applica¬ 
tion  servers.  Customers  don’t  install  a  soft¬ 
ware  agent  for  application  servers.  Instead, 
WebMetrics  tests  for  server  availability  by 
sending  “keep  alive”  network  messages  to 
the  server  and  noting  the  servers  response. 
WebMetrics  says  its  GlobalWatch  network 
is  in  more  than  17  cities  worldwide,  with 
POPs  throughout  North  America,  Asia  and 
Europe. 

■  Bottom  line 

VitalStats  2.0 

Company:  WebMetrics,  (877)  524-8299, 
www.webmetrics.com.  Cost:  Standard 
service  (monitors  every  5  minutes)  is  $60/ 
month/monitored  server;  Gold  service 
(monitors  every  minute)  is  $180/month/ 
monitored  server.  Pros:  Lets  you  outsource 
network  monitoring  to  a  third  party.  Cons: 
You  still  have  to  be  expert  enough  to  fix  the 
problems  that  VitalStats  detects.  Best 
suited  for:  A  company  that  prefers  to 
outsource  network  monitoring. 


PacketLogic 

Netlntact’s  PacketLogic  is  an  accurate, 
well-designed  network  monitoring  tool.  It’s 
easy  to  set  up,  and  a  traffic-flow  analysis 
that  is  practical  and  highly  relevant. 
PacketLogic  might  well  give  you  a  new  per¬ 
spective  on  your  network. 

The  PacketLogic  product  is  a  rack-mount 
appliance  that  you  connect  to  your  net¬ 
work  so  that  traffic  passes  through  it.  The 
appliance  is  an  Intel-based  computer  run¬ 
ning  Linux,  which  automatically  boots  the 
appliance’s  PacketLogic  software.  In  addi¬ 
tion  to  the  PacketLogic  software,  Netlntact 
also  developed  a  custom  TCP/IP  protocol 
stack  and  optimized  drivers  to  help  the 
appliance  more  efficiently  handle  high 
traffic  loads.  Our  test  unit  processed  up  to 
25,000  to  30,000  packets  per  second 


(depending  on  packet  sizes  and  contents) 
before  we  noticed  any  delays  in  traffic 
flow. You  administer  PacketLogic  through  a 
client  module  that  you  download  from 
Netlntact’s  Web  site. 

Using  Layer  7  protocol  detection,  Packet- 
Logic  classifies  network  traffic  for  thresh¬ 
old  detection  (for  example  alerting)  and 
statistical  purposes.  The  appliance  can 
optionally  shape  (prioritize)  traffic  and  act 
as  a  firewall. We  tested  all  four  functions  — 
alerts,  statistics,  shaping  and  firewall. 

PacketLogic  examines  each  packet’s  con¬ 
tents,  not  just  its  destination  port  number,  to 
determine  the  packet’s  protocol.  It  recog¬ 
nizes  more  than  80  protocols,  including 
Gnutella,  Kazaa,  Direct  Connect,  Citrix, 
HTTP  FTP  POP3,  IRC,  SMTP  and  Secure 
Shell.  PacketLogic  tracks  network  utilization 
by  application,  user  and  connection,  and 
produces  several  statistical  reports.  These 
reports  reveal,  for  example,  which  applica¬ 
tion  uses  the  most  bandwidth  during  a 
given  time  interval  and  which  user  is  con¬ 
suming  the  most  bandwidth  —  and  what 
the  user  was  doing  with  the  bandwidth. 

PacketLogic’s  alert  mechanism  has  vari¬ 
able  thresholds  for  detecting  high  or 
unwanted  traffic.  Its  rules  are  time-of-day- 
and  day-of-week-sensitive,  and  Netlntact 
groups  the  rules  in  eight  categories:  Client, 
Server,  Server  Port,  Client  Port,  Server 
Interface,  Client  Interface,  Service  and 
Time  Object.  PacketLogic  can  apply  a  rule 
threshold  to  one  computer  or  a  specified 
group  of  computers,  and  it  can  apply  a 
rule  to  all  traffic  destined  for  a  specific 
port.  PacketLogic  inserts  its  alerts  into  a 
log  file  that  the  PacketLogic  client  displays 
in  much  the  same  way  the  Windows 
Server  Event  Viewer  does. 

During  busy  times,  the  appliance 
decides  which  packets  to  send  first  and 
which  to  put  at  the  end  of  the  queue  by 
using  quality-of-service  rules  the  network 
manager  specifies.  In  our  tests,  Packet- 
Logic  excelled  in  forwarding  critical  pack¬ 


ets  before  emitting  less-important  mes¬ 
sages.  We  even  tested  high-volume  mix¬ 
tures  of  non-TCP/IP  and  TCP/IP  traffic  to 
see  how  the  appliance  would  behave.TCP 
has  an  internal  throttling  mechanism  that 
typically  fails  in  the  presence  of  other  pro- 
tocols.The  mechanism  senses  overall  TCP 
traffic  levels  to  know  when  to  backpres¬ 
sure  itself,  but  the  traffic  level  detection 
ignores  other  protocols  as  it  decides  how 
many  packets  it  can  send  in  a  “window” 
before  expecting  a  response  from  its  ses¬ 
sion  partner.  The  PacketLogic  appliance 
flew  through  the  traffic  quite  nicely  as  it 
prioritized,  for  example,  database  transac¬ 
tions  over  e-mail  messages. 

The  PacketLogic  client’s  firewall  editor 
uses  a  collapsible-tree  view  to  make  setting 
up  a  firewall  in  the  appliance  nearly 
painless. 

■  Bottom  line 

PacketLogic  3.2  . 

Company:  Netlntact,  (551)  208-1125,  www. 
netintact.com  Cost:  $11,230  for  128  managed 
IP  addresses,  including  Surveillance  and 
Statistics  modules;Traffic  Shaping  module 
is  $2,308;  Firewall  module  is  $1,949.  Pros: 
Easy  to  set  up  and  use;  accurate  protocol 
determination.  Cons:  You  must  periodically 
examine  a  log  file  to  see  alerts.  Best  suited 
for:  A  company  that  wants  the  convenience 
of  a  pre-conf  igured  monitoring  appliance  plus 
highly  accurate  protocol  detection. 


NetCrunch 

AdRem’s  NetCrunch  is  good  at  discover¬ 
ing  network  nodes,  displaying  a  map  of  a 
network  and  producing  useful  reports.  It 
monitors  SNMP-aware  devices,  and 
Windows  servers  and  NetWare  servers, and 
it  can  be  installed  as  a  Windows  service 
that  runs  in  the  background. 

NetCrunch  uses  ICMP  pings  and  SNMP 
requests  to  unearth  devices  and  computers 
on  the  network.  Its  accuracy  in  discovering 
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Opalis  Robot  is  great  for  scheduling  backups  and  other  tasks. 


nodes  impressed  us.  Network  discovery 
isn’t  the  easiest  function  to  implement,  but 
Ad  Rem  has  done  it  correctly  For  an  SNMP- 
aware  node,  NetCrunch  learns  its  device 
type  —  whether,  for  instance,  the  node  is  a 
switch,  printer,  NetWare  server  or  router. You 
can  tell  NetCrunch  to  rescan  the  network 
periodically  to  discover  devices  not  avail¬ 
able  during  the  initial  scan. 

NetCrunch  shows  what  it’s  discovered  by 
displaying  dynamic,  hierarchical  maps  of 
subnets,  with  links  between  subnets. 
Changing  a  map’s  colors, backgrounds  and 
icons  is  easy,  and  NetCrunch  highlights  a 
problem  device  on  the  map  by  turning  its 
icon  red  and  making  it  blink.  NetCrunch 
can  detect  whether  a  device  or  computer 
is  up  and  running  and,  for  Windows 
servers,  whether  a  particular  server’s  re¬ 
source  (CPU,  memory  or  hard  disk)  utiliza¬ 
tion  is  under  or  over  a  threshold. 

If  you  don’t  happen  to  be  looking  at 
NetCrunch’s  network  map  when  a  problem 
occurs,  don’t  worry  NetCrunch  can  notify 
administrators  via  e-mail,  SNMP  alert 
(which  it  sends  to  a  separate  network  man¬ 
agement  system,  such  as  OpenView)  or 
pager.  It  also  can  send  notification  messages 
to  specific  Windows-based  client  comput¬ 
ers.  For  problems  that  can  be  fixed  auto¬ 
matically  you  can  tell  NetCrunch  to  reset  a 
failed  device,  run  a  program  or  reboot  a 
server.  All  of  NetCrunch’s  alerting  and  notifi¬ 
cation  functions  worked  well  in  our  tests. 

Unfortunately,  the  NetCrunch  Admini¬ 
strator’s  Guide  manual  explains  network 
concepts  at  length,  but  says  little  about 
how  to  use  the  product. 

■  Bottom  line 

NetCrunch  2.3 

Company:  AdRem  Software,  (212)  319-4114, 
www.adremsoft.com  Cost:  Starts  at  $795 
per  administrator  workstation.  Pros: 
Excellent  discovery  and  network  map  display. 
Cons:  Lacks  "howto”  documentation.  Best 
suited  for:  A  company  that  wants  highly 
visual  network  mapping  plus  good  device 
discovery, 


Opalis  Robot 

OpalisRobot  is  a  sophisticated,  highly 
visual  scheduling  tool. To  our  delight,  we 
found  we  could  use  it  to  monitor  critical 
aspects  of  our  network  and  schedule 
back-up  copy  operations  and  other  tasks. 

OpalisRobot  monitors  event  logs,  text 
logs,  SNMP  traps  (alerts),  performance 
statistics  and  running  programs.  In  this 
last  category,  OpalisRobot  detects  wheth¬ 
er  user-specified  services  and  processes 
are  running.  It  also  monitors  for  file  mod¬ 
ifications,  device  presence  (based  on 
ICMP  pings),  up  and  running  Web/ 
FTP/DNS/NNTP/Mail  servers  and  data¬ 
base  availability. 

You  can  use  these  and  other  conditions 
to  tell  when  OpalisRobot  should  run  a 
program.  For  example,  you  can  prevent  a 
tape  back-up  operation  from  starting  if  a 
file’s  modification  date  suggests  the  pro¬ 
gram  that  was  supposed  to  update  the 
file  didn’t  complete  successfully. You  also 
can  instruct  OpalisRobot  to  alert  you,  via 
e-mail,  pager  and  pop-up  message,  that  an 


error  condition  exists  and  you  need  to  fix 
it.  For  those  problems  that  can  be  fixed 
automatically,  OpalisRobot  can  run  a  pro¬ 
gram  or  reboot  a  server. 

OpalisRobot’s  user  interface  is  a  joy  to 
use.  It’s  a  drag-and-drop  visual  environ¬ 
ment  for  setting  up  tasks  to  run  on  a 
schedule,  based  on  dependencies  you 
specify. The  scheduling  function  contains 
an  intelligent  calendar  where  you  indi¬ 
cate  your  company’s  working  days  and 
that  you  can  use  to  trigger  the  running  of 
computer  programs.  You  can  freely  use 
server  and  network  events,  via  drag-and- 
drop,  as  conditional  triggers  for  running 
programs  or  notifying  you  of  an  error  sit¬ 
uation.  OpalisRobot  makes  network  trou¬ 
bleshooting  almost  fun. 

■  Bottom  line 

OpalisRobot  4.0 

Company:  Opalis  Software,  (888)  672-5471, 
www.opalis.com  Cost:  Starts  at  $995.  Pros: 
Graphical  scheduling  and  problem  detection 
environment.  Cons:  No  network  map;  no 
network  discovery.  Best  suited  for:  A 
company  whose  network  admini-strators 
prefer  a  graphical  specification  environment 
for  setting  up  network-monitoring  tasks. 


Conclusion 

Because  nobody  knows  your  network 
better  than  you, you  can  judge  for  yourself 
which  of  these  tools  might  be  appropriate 
for  your  network.  Perhaps  you  want  sim¬ 
plicity.  A  ready-to-use  network  appliance 
might  appeal  to  you.  Having  a  third  party 
monitor  your  network  might  relieve  your 
staff  of  a  burdensome  workload.  You 
might  be  having  a  specific  problem  with 
application  response  times.  A  graphical 
alerting  and  monitoring  tool  might  help 
you  solve  problems  quicker.  An  easy-to- 
use  scheduling  tool  can  make  life  easier 
by  running  programs  at  certain  times  on 
certain  days  while  it  also  an  eye  on  your 
network.  It’s  your  choice. 
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AdRem's  NetCrunch  provides  a  map  of  your  network  and  useful  reports. 


How  we  did  it 


We  evaluated  each  product's 
ability  to  manage,  administer, 
update,  monitor,  report  on, 
diagnose,  troubleshoot,  reset,  recon¬ 
figure  and  secure  network  devices, 
server  computers  and  client  com¬ 
puters.  Virtually  all  our  testing  took 
place  across  WAN  links. 

The  ability  to  resolve  a  problem 
automatically  was  a  plus.  We  tested 
the  sending  of  SNMP  alerts  and  the 
processing  of  incoming  alerts.  We 
produced  reports  to  show  device 
and  computer  status  information, 
network  usage  trends,  security 
breaches,  availability  and  uptime 
information,  network  baseline  infor¬ 
mation  and  graphical  network  maps. 
We  also  tested  any  special  features 
a  product  offered. 

The  test-bed  network  consisted  of 
six  Fast  Ethernet  subnet  domains 
routed  by  Perle  and  Cisco  routers. 
Our  lab's  various  computing  plat¬ 
forms  included  Windows  NT/98/2000/ 
ME/XP,  Solaris  8.0  and  Macintosh 
System  8.  The  relational  databases 
on  the  network  were  Oracle  81,  IBM 
DB2  Universal  Database,  Sybase 
Adaptive  Server  12.5  and  Microsoft 
SQL  Server  2000.  The  transport  pro¬ 
tocols  on  the  network  were  TCP/IP, 
IPX,  AppleTalk  and  SNA.  An  Agilent 
Advisor  protocol  analyzer  eaves¬ 
dropped  on  the  network  traffic  to 
reveal  both  overall  utilization  and  the 
detailed  content  of  messages. 

A  Compaq  Proliant  ML570  com¬ 
puter  with  four  900-MHz  CPUs,  2G 
bytes  of  RAM  and  135G-byte  hard 
disks,  running  Windows  2000 
Advanced  Server,  was  our  test  plat¬ 
form  for  all  the  products  except 
Netlntact's  PacketLogic,  which 
arrived  installed  on  its  own  rack- 
mount  appliance. 


Nance,  a  software  developer  and  consul¬ 
tant,  is  the  author  of  Introduction  to 
Networking,  4th  Edition  and  Client/Server 
LAN  Programming.  He  can  be  reached  at 
barryn  @erols.  com 

Nance  is  also  a  member  of  the  Network 
World  Global  Test  Alliance,  a  cooperative 
of  the  premier  reviewers  in  the  network  in¬ 
dustry,  each  bringing  to  bear  years  of  prac¬ 
tical  experience  on  every  review.  For  more 
Test  Alliance  information,  including  what  it 
takes  to  become  a  member,  go  to 
www.  nw  fusion,  com  /alliance. 
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SECURITY  EVENT  MANAGEMENT 

ArcSight's  flexibility  and  interface  helps  it 
lead  the  pack  of  security  data  organizers 

■  BY  MANDY  ANDRESS,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 

irewalls,  intrusion  detection,  vulnerability  assessment  tools  —  oh  my!  These 
are  just  a  few  of  the  devices  that  generate  megabytes  (and  sometimes  giga¬ 
bytes)  of  daily  logs  of  interest  to  security  professionals.  And  that’s  before  you 
count  the  piles  of  log  data  generated  by  anti-virus  applications,  operating 
systems,  Web  servers,  file  integrity  programs  and  routers/switches. 


The  data  is  overwhelming  at  best,  and 
analyzing  it  accurately  without  assis¬ 
tance  is  impossible. 

Enter  security  information  manage¬ 
ment  (SIM),  security  event  management 
(SEM)  and/or  enterprise  security  man¬ 
agement.  Whatever  your  naming  prefer¬ 
ence,  the  goal  is  the  same:  to  make  sense 
of  the  data  your  security  infrastructure 
provides. 

The  term  SEM  seems  to  best  describe 
the  task  these  products  perform.  Devices 
generate  alerts  or  logs  on  security  events, 
such  as  blocked  packets,  failed  logons  or 
attempted  exploits.  Managing  these 
events  is  the  next  step  in  the  evolution  of 
the  corporate  security  infrastructure. 

ArcSight,  e-Security  netForensics,  Net¬ 
work  Intelligence  and  Tenable  Network 


Security  agreed  to  participate  in  this  re¬ 
view,  while  Consul,  GuardedNet,  Intelli- 
tactics,  NetlQ,  Open  Service  and  Tivoli 
declined. 

ArcSight  2.5  wins  our  Blue  Ribbon 
Award  based  on  its  ease  of  use,  flexibility 
and  administration  interface.  E-Security 
v4  was  not  far  behind.  Its  extensibility 
makes  it  stand  out,  but  the  product  is  not 
very  easy  to  use. 

Network  Intelligence’s  HA  Series  comes 
in  a  close  third.  It  is  the  only  product  sold 
as  an  appliance,  and  it  is  easy  to  set  up 
and  use.  NetForensics  3.1  has  a  lot  of 
potential,  but  the  user  interface,  SIM 
Desktop,  could  be  improved. 

Tenable’s  Lightning  2.0  only  focuses  on 
vulnerability  assessment  and  intrusion- 
detection  system  (IDS)  logs.This  product 


Net  Results 


is  an  excellent  investment  for  small  orga¬ 
nizations  getting  started  in  SEM.  It  is  less 
expensive  than  the  other,  more  complex 
products  and  much  easier  to  set  up. 

Implementing  SEM 

SEM  implementations  require  careful 
planning  and  analysis,  even  before  you 
decide  which  product  to  purchase.  You 
need  to  fully  understand  what  systems 
you  want  logged,  how  you  want  those 
logs  gathered  and  how  many  logs  each 
system  generates  on  average  and  during 
peak  times,  such  as  worm  outbreaks. 

A  further  consideration  new  to  most 
corporate  security  departments  is  data 
management.  Enterprise  SEM  products 
use  beefy  database  backends  —  usually 
Oracle  or  Sybase.  Most  corporate  security 
teams  do  not  have  a  database  adminis¬ 
trator  on  staff,  so  they  try  to  work  with  the 


corporate  database  team  or  look  at  hir¬ 
ing  some  help.  Hand  in  hand  with  data¬ 
base  management  and  maintenance  is 
data  retention  policy  Data  retention  poli¬ 
cies  can  have  a  large  effect  on  your  SEM 
implementation  because  they  mandate 
some  of  your  hardware  requirements. 

The  products  we  tested  all  handle  SEM 
differently  One  major  difference  is  how 
they  are  sold.  Network  Intelligence  is  the 
only  product  sold  as  an  appliance  with 
hardware  and  software  included.  All 
other  products  are  software  only, so  factor 
in  the  cost  of  hardware  purchases  in  your 
budget.  If  you  need  to  purchase  any¬ 
where  near  the  same  systems  provided 
for  our  testing  (see  How  we  did  it  at  www. 
nwfusion.com,  DocFinder:  8935),  your 
hardware  budget  will  be  significant. 

It  all  depends  on  the  number  of  systems 
you  plan  to  monitor,  the  number  of  daily 
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ArcSight  2.5 

Company:  ArcSight,  www. 
ancsight.com  Price:  $54,000  for 
two  consoles  and  30  devices. 
Pros:  Intuitive,  easy-to-use 
interface;  excellent  graphing 
and  reporting  functionality; 
flexible  filter  and  correlation 
rule  creation.  Con:  Agent 
documentation  not  100% 
accurate. 

e-Security  v4 

Company:  e-Security,  www. 
esecurityinc.com  Price:  $60,000 
for  console  plus  per  device  fee. 
Pros:  Extremely  flexibile  and 
extensible;  supports  just  about 
any  device.  Cons:  Complex;  not 
very  intuitive. 

Network  Intelligence 

Corporation  HA  Series 

Company:  Network  Intelligence, 
www.network-intelligence.com 
Price:  $83,650  as  tested.  Pros: 
Most  intuitive,  easy-to-use 
product;  purchase  includes 
hardware.  Cons:  Not  as  flexible 
and  extensible  as  some  of  the 
other  products;  licensing  based 
on  events  per  second. 
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Tenable  Lightning  2.0 


Company: Tenable  Network 
Security,  www.tenablesecurity. 
com  Price:  $9,000  for  255  IP 
addresses.  Pros:  Fast  setup; 
easy  to  use.  Con:  Supports 
limited  number  of  vulnerability 
assessment  and  IDS  devices. 
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netForensics  3.1  with  SIM 
Desktop 


Company:  netForensics,  www. 
netforensics.com.  Price: 
Ranges  from  $60-100,000.  Pro: 
Case  management  supports 
attachments.  Cons:  GUI  is 
resource-intensive  on  the  client; 
adding  new  devices, 
understanding  events  not  very 
!  intuitive. 
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events  you  expect  to  process  and  how  long 
you  need  to  retain  the  data  on  your  system 
for  analysis.  Systems  that  vendors  provided 
for  this  review  typically  included  a  multi- 
CPU  system  with  2G  to  4G  bytes  of  RAM. 

In  terms  of  licensing,  Tenable  Lightning 
2.0  is  licensed  by  the  number  of  IP  address¬ 
es  active  on  your  network.  Network  Intel¬ 
ligence  is  licensed  by  events  per  second 
(EPS).  NetForensics  3.1  is  licensed  by  de¬ 
vices  being  monitored.  With  e-Security  v.4, 
you  purchase  the  console  plus  pay  an  addi¬ 
tional  fee  for  each  device  being  monitored. 
ArcSight  2.5  is  priced  on  a  combination  of 
consoles,  monitored  devices  and  CPU  in 
the  Manager  server. 

For  installation, we  used  each  company’s 
professional  services  team  when  avail¬ 
able,  which  is  highly  recommended.  SEM 
products  are  complex,  and  although  you 
could  set  up  the  software  yourself,  imple¬ 
mentation  will  be  much  easier  if  you  use 
the  expertise  available  through  profes¬ 
sional  services.Tenable  was  the  only  prod¬ 
uct  that  we  completely  installed  our¬ 
selves.  Most  products  come  with  at  least 
one  day  of  professional  services  included 
in  the  purchase  price. 

Each  company,  with  the  exception  of 
Tenable,  sent  us  pre-configured  hardware. 
The  installation  team  came  in  to  configure 
the  device  for  our  lab  environment  and  set 
everything  up  so  alerts  and  events  were 
being  sent  to  their  system  from  three  initial 
devices  in  our  test  bed  —  a  NetScreen 
Technologies  firewall,  a  Cisco  VPN 
Concentrator  and  a  Cisco  Catalyst  switch 
—  which  all  logged  directly  to  syslog.The 
netForensics  and  Network  Intelligence 
installs  were  the  quickest,  lasting  just  two 
hours  for  initial  setup,  device  configuration 
and  a  quick  tutorial.  ArcSight  and 
e-Security  took  four  and  eight  hours, 
respectively. 

The  installation  times  directly  correlate 
with  the  complexity  of  the  product.  Net¬ 
work  Intelligence  is  the  cleanest  product 
when  it  comes  to  setup  and  adding  new 
devices  to  monitor,  but  it  is  also  the  least 
flexible.  We  included  a  NetScreen  firewall 
running  an  older  version  of  its  operating 
system  in  our  test  bed.  Network  Intelligence 
and  NetForensics  products  could  not  evalu¬ 
ate  events  from  this  NetScreen  firewall 
because  they  only  supported  newer  ver¬ 
sions  of  the  operating  system.  ArcSight  and 
e-Security  handled  the  older  operating  sys¬ 
tems  just  fine  because  they  can  create  cus¬ 
tom  agents  and  support  just  about  any 
product  that  generates  a  log. 

With  SEM  products,  there  is  considerable 
discussion  about  agent  and  agentless  prod¬ 
ucts.  The  word  agent  conjures  up  thoughts 
of  a  piece  of  software  running  on  moni¬ 
tored  devices. These  products  blur  that  line 
a  bit. E-Security  uses  agents,  but  they  run  on 
a  separate  agent  server.  ArcSight  uses 
agents,  but  it  also  can  run  agentless.  But  if 
you  go  this  route  with  ArcSight,  you  lose 
some  of  the  features  the  agents  provide, 
such  as  agent-level  filters  for  events  you 
don’t  want  logged  to  the  central  server. 

A  major  trial  of  the  products  was  adding 
new  devices  to  monitor.  We  gathered  a  test 


ArcSight's  ArcSight  2.5  security  event  man¬ 
agement  software  garnered  Blue  Ribbon  hon¬ 
ors  based  on  its  ease  of  use,  flexibility  and 
outstanding  administration  interface. 

bed  of  various  firewall,  IDSs,  Web  servers, 
operating  systems,  network  infrastructure 
devices  and  security  integrity  products, and 
attempted  to  monitor  them.Tenable  did  not 
fully  participate  in  this  test  because  it  only 
supported  the  Nessus  and  Snort  systems. 

Each  product  gathers  data  differently  and 
we  were  constantly  reconfiguring  our  test 
bed  just  to  log  to  a  specific  product.  For 
example,  most  products  supported  the  gen¬ 
eral  syslog  format  of  the  VPN  Concentrator, 
but  Network  Intelligence  only  supported 
the  Cisco  IOS  logging  format. 

Snort  logging  was  also  an  interesting 
setup.  We  ran  a  basic  Snort  installation  log¬ 
ging  only  to  syslog.  NetForensics  had  set  up 
a  syslog  agent  on  its  server  listening  on  Port 
888, so  we  had  to  reconfigure  our  syslog  on 
our  Snort  system  to  communicate  over  that 
port.  Network  Intelligence  provided  the 
quickest  setup,  as  it  required  just  a  regular 
syslog  configuration.  E-Security  provided  a 
Snort  agent  on  its  agent  server  during  instal¬ 
lation,  but  when  we  went  to  set  it  up,  we 
couldn’t  get  it  to  work,  and  documentation 
was  not  available.  A  quick  message  to  sup¬ 
port  provided  a  new  agent  and  detailed 
documentation  that  got  us  up  and  running. 
ArcSight  provided  a  Snort  agent,  but  it  only 
worked  if  you  used  database  logging.  For 
syslog, you  needed  to  install  the  syslog  pipe, 
but  this  configuration  was  not  noted  in  its 
Snort  documentation.  A  question  to  the  sup¬ 
port  team  quickly  resolved  this  issue. 

Overall,  Network  Intelligence  provides 
the  best  setup  for  new  devices,  but  you  are 
limited  to  the  products  they  support. 
ArcSight  has  the  best  agent  installation 
process.  Their  agent  install  program  looks 
the  same  across  platforms,  provides  a  full 
list  of  devices  to  select  and  includes 
detailed  installation  instructions. 

ArcSight  also  provides  the  best  means 
of  supporting  proprietary  or  unsupported 
logs.  Its  Flexagent  lets  you  quickly  parse  a 
log  file  to  use  in  filters  and  correlation 
rules.  E-Security  also  provides  this  ability, 
but  the  setup  is  more  complex  and 
time-consuming. 

We  spent  a  good  deal  of  time  setting  up 
devices  under  each  SEM  product  frame¬ 
work.  Systems  logging  to  syslog  was  usually 


the  easiest, but  we  even  hit  a  few  snags  with 
those  —  what  port  to  use,  what  facility  to 
use.  Windows  event  logging  was  also  tricky 
usually  being  the  one  device  that  definitely 
required  an  agent  on  the  actual  Windows 
server.  All  products  supported  Check  Fbint 
firewall  logs,  but  this  was  not  easy  to  set  up 
for  any  product.  Check  Fbint  has  always 
made  its  product  more  complicated  than  it 
needs  to  be,  and  logging  setup  continues 
this  tradition. 

Because  security  analysts  will  spend 
many  hours  a  day  looking  at  the  SEM  inter¬ 
face,  the  GUI  should  be  intuitive, easy  to  use 
and  helpful.  Again,  Network  Intelligence 
provides  the  most  intuitive,  easy-to-use  in¬ 
terface,  but  it  is  not  as  flexible  as  some  of 
the  other  products.  ArcSight  provides  the 
most  flexible  interface  and  is  still  easy  to 
use  in  spite  of  everything  you  can  do  with 
it.  You  can  configure  your  workspace  with 
any  number  of  graphs  and  views,  all  com¬ 
pletely  customizable. You  can  drill  down  to 
more  detailed  information  at  just  about 
every  point, and  you  can  turn  anything  into 
a  graph. 

NetForensics  uses  a  desktop  GUI  that 
looks  like  an  X-Windows  desktop. This  inter¬ 
face  was  a  bit  clunky  and  resource-inten¬ 
sive.  It  also  was  not  very  intuitive,  taking 
quite  a  while  and  a  lot  of  documentation 
searching  to  figure  out  how  to  view  events 
in  real  time.  Additionally,  the  desktop  was 
easy  to  overload  and  clutter  with  windows. 
The  e-Security  interface  is  complex  and 
comprehensive,  but  not  very  intuitive  or 
easy  to  use. 

Several  of  the  products  also  include  case 
management  functionality  to  track  and 
record  incidents  as  they  are  investigated. 
Events  can  be  tagged  and  added  to  inci¬ 
dents  just  about  anywhere  in  the  GUI. 
ArcSight  and  e-Security  stand  out  in  this 
area  for  ease  of  use.  NetForensics  includes 
a  collaboration  area  —  a  screen  where 
users  can  type  messages  and  have  them 
visible  to  all  other  users  —  and  the  ability 
to  attach  any  file  to  a  case. 

After  getting  our  devices  set  up,  we 
launched  Nessus  and  Internet  Security  Sys¬ 
tems’  Internet  Scanner  scans  to  trigger  fire¬ 
wall,  Snort  and  system  events.  We  created 
various  filters,  correlations  and  alerts  on 
each  product.  ArcSight  provided  the  best 
method  of  creating  filters  and  correlation 
rules,  and  you  are  only  limited  by  your 
imagination.  In  this  category  e-Security  is 
powerful,  but  just  not  very  intuitive. 

At  the  most  basic  level,  SEM  products 
aggregate  security  logs  from  various 
devices.  Taking  SEM  to  the  next  level,  these 
products  add  correlation,  which  lets  you 
create  alerts  for  any  combination  of  log 
entries.  For  example, you  can  create  an  alert 
if  you  see  a  port  scan  and  an  attempted 
attack  (seen  through  IDS  logs)  for  your  Web 
server  if  the  source  IP  address  is  the  same. 
The  next  step,  which  some  products 
(Tenable)  support  and  others  (e-Security) 
are  beginning  to  support,  provide  correla¬ 
tion  between  vulnerability  assessment  and 
IDS. You  do  not  get  an  alert  on  an  IDS  log 
unless  the  targeted  system  is  vulnerable  to 
the  attempted  attack. This  feature  is  benefi¬ 


cial  because  it  can  help  reduce  IDS  false 
positives. 

SEM  products  include  a  number  of 
canned  reports  and  the  ability  to  create 
customized  reports.  These  reports  also  can 
be  scheduled  to  run  daily,  weekly  monthly 
and  e-mailed  to  you.  Reports  vary  from 
high-level  executive  summary  to  detailed 
packet  analysis.  We  liked  ArcSight’s  overall 
reporting  system  the  best  for  flexibility  and 
ease  of  use.  E-Security  set  up  a  separate  sys¬ 
tem  to  serve  as  its  Crystal  Reports  server, 
while  all  other  products  kept  reporting 
functionality  on  the  manager/console 
server  for  our  review. 

Each  vendor  discussed  EPS  ratings  with 
us.  Because  of  time  constraints,  we  only  ran 
one  test  with  a  sustained  300  EPS  level  in 
the  lab,  and  none  of  the  products  had  any 
trouble.  Any  SEM  implementation  should 
be  able  to  handle  incident  spikes  and  not 
be  maxed  out  at  normal  operating  levels. 
Blaster,  Welchia,  MS-SQL  Slammer  and 
whatever  the  next  worm  might  be  generate 
significantly  more  events  than  your  normal 
operations,  and  you  need  to  make  sure  you 
can  handle  this. 

SEM  requires  that  you  clearly  define  your 
requirements  before  starting  the  evaluation 
process.  If  your  environment  is  very 
straight-forward  and  not  running  any  pro¬ 
prietary  applications,  Network  Intelligence 
provides  the  fastest  setup  time  and  easiest 
implementation.  If  your  environment  is 
complex  and  you  plan  to  use  SEM  to  col¬ 
lect  security  data  from  every  production 
device,  e-Security  provides  the  most  flexi¬ 
bility  and  extensibility  but  it  is  not  easy  to 
use  and  includes  a  steep  learning  curve. 


Andress  is  president  of  ArcSec  Tech¬ 
nologies,  a  security  company  focusing  on 
product  reviews  and  analysis.  She  can  be 
reached  at  mandy@arcsec.com. 


Global  Test  Allia 


■  Andress  is  also  a  member  of  the 
Network  World  Global  test  Alliance,  a  coop¬ 
erative  of  the  premier  reviewers  in  the  net¬ 
work  industry,  each  bringing  to  bear  years 
of  practical  experience  on  every  review.  For 
more  Test  Alliance  information,  including 
what  it  takes  to  become  a  member,  go  to 
www.nwfusion.com/alliance. 

Other  members:  John  Bass,  Centennial 
Networking  Labs,  North  Carolina  State 
University;  Travis  Berkley,  University  of 
Kansas;  Jeffrey  Fritz,  University  of 
California,  San  Francisco;  James  Gaskin. 
Gaskin  Computing  Services;  Greg 
Goddard,  University  of  Florida;  Thomas 
Henderson,  ExtremeLabs:  Miercom, 
Network  consultancy  and  product  test 
center;  David  Newman,  NetworkTest; 
Christine  Perey,  Perey  Research  & 
Consulting;  Barry  Nance,  independent  con¬ 
sultant.  Thomas  Powell.  PINT.  Joel  Snyder, 
Opus  One. 
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■  CAREER  DEVELOPMENT 

■  PROJECT  MANAGEMENT 

■  BUSINESS  JUSTIFICATION 


Fighting  spam  the  old-fashioned  way 

Supplement  technology  with  policies  and  practices  that  help  curtail  unwanted  e-mail. 


■  BY  CARA  GARRETSON 

While  trying  to  deflect  the  barrage  of  spam  that  hits  corporate  in-boxes  on  a  daily  basis  is 
a  task  best  left  to  technology  there  are  some  basic  guidelines  IT  managers  can  set  for  their 
users  to  help  cut  down  on  the  amount  of  unwanted  e-mail  a  company  receives. 


Analysts  and  corporate  managers  agree  that  attempting 
to  stop  spam  without  the  proper  software,  appliances  or 
services  is  just  too  daunting  a  job  for  mere  humans. 
However,  many  companies  are  reluctant  to  install  spam  fil¬ 
ters  for  fear  the  technology  mistakenly  will  quarantine  or 
delete  crucial  e-mails,  resulting  in  frustrated  users  and  per¬ 
haps  missed  business.  Only  about  30%  of  companies 
today  have  anti-spam  technology  in  place,  says  Sara 
Radicati,  analyst  with  The  Radicati  Group,  and  that’s  in 
large  part  because  of  the  fear  of  false  positives. 

Technology  aside,  IT  managers  can  take  steps  to  reduce 
spam,  ranging  from  basic  end-user  education  to  setting 
company-wide  policies  regarding  how  an  employee’s 
computer  and  corporate  e-mail  address  are  used.  And 
because  no  anti-spam  product  can  block  every  piece  of 
spam  that  enters  an  organization’s  network,  even  compa¬ 
nies  that  use  spam  filters  can  benefit  from  a  few  simple 
policies  to  help  users  deal  with  the  unwanted  e-mail  they 
still  receive. 

Establishing  written  Internet-usage  policies  —  including 
e-mail  guidelines  —  should  be  a  priority  in  any  IT  orga¬ 
nization,  says  Jason  Sosinski,  IS  security  administrator 
with  ARS  Service  Express,  a  heating  and  cooling  services 
company  headquartered  in  Memphis, Tenn. 

“The  actual  act  of  writing  a  policy  is  necessary  . . .  with¬ 
out  it,  when  you  need  to  inform  an  employee  of  their 
inappropriate  behavior  and/or  terminate  their 
employment  based  on  their  Internet  usage, 
you  will  have  no  grounds  to  stand  on,” 

Sosinski  says. 

Such  e-mail  policies  “are  really  very 
important  components  [in  the  fight  against 
spam] .  In  the  past,  users  have  been  a  bit  too 
casual  with  their  Internet  use,”  Radicati  says. 

However,  she  warns  managers  to  tread  care¬ 
fully  when  trying  to  establish  hard-and-fast 
rules  regarding  e-mail.“It’s  a  very  difficult, gray 
area.  Maybe  someone’s  getting  an  e-mail 
about  airline  discounts  that  once  in  a  while 
might  be  useful  for  a  business  trip.However.it 
is  legitimate  to  make  employees  aware  they 
should  use  their  computers  and  work  time 
for  business-related  activities,”  she  says. 

Increased  vigilance 

At  Allen  Matkins  law  firm  in  Los  Angeles,  fighting  spam 
has  on  occasion  been  the  topic  of  monthly  training  ses¬ 
sions  the  IT  department  holds  with  its  500  users.  Even 


though  the  company  uses  FrontBridge  Technologies’  anti¬ 
spam  service,  director  of  technology  Frank  Gillman  wants 
employees  to  know  how  to  deal  with  the  few  spam  mes¬ 
sages  that  make  it  through  to  their  in-boxes  and  address 
questions  users  might  have  regarding  their  home  com¬ 
puters.  “We’ve  done  training  sessions  on  spam  [to  tell 
users]  why  they  are  getting  those  messages,” Gillman  says. 

Users  at  Allen  Matkins  are  instructed  to  forward  any 
spams  they  receive  to  the  Federal  Trade  Commission’s  e- 
mail  address  for  reporting  unwanted  e-mail 
(uce@ftc.gov).  “Users  always  seem  to  feel  better  about 
that.  They  feel  like  they  are  being  proactive”  in  helping 
fight  spam,  Gillman  says. 

The  law  firm  also  uses  content-filtering  software  from 
WebSense  to  prevent  employees  from  visiting  Web  sites 
featuring  adult  content  while  at  work.“lt’s  really  more  part 
of  our  sexual  harassment  policy;  if  we’re  going  to  promote 
a  healthy  workplace,  then  we  should  put  controls  in  that 
eliminate  that  content,”  Gillman  says. 

Some  experts  say  limiting  the  types  of  Web  sites  that 
employees  can  visit  helps  cut  down  on  the  amount  of 
spam  a  company  receives  by  reducing  how  often  users 
might  enter  their  e-mail  addresses  to  receive  newsletters 
or  other  mailings.That  limits  the  availability  of  their  e-mail 
addresses  to  spammers.  Gillman  says  his  firm  hasn’t  ana¬ 
lyzed  whether  or  not  blocking  employee  access  to  adult 
sites  has  had  that  effect,  but  adds  it’s  another  good 
reason  to  limit  users’ Web  surfing. 

Educating  users  to  the  tricks  that  spammers 
employ  can  help  prevent  spam  from  spread¬ 
ing  through  an  organization,  says  Tony 
Falzon,  director  of  research  and  Internet  ser¬ 
vices  at  Wayne  State  University’s  computing 
and  IT  department  in  Detroit.  Wayne  State 
uses  Mirapoint’s  anti-spam  software  to  protect 
its  55,000  e-mail  users,  but  Falzon's  depart¬ 
ment  still  sends  out  periodic  bulletins  to  its 
users  informing  them  of  spam  and  virus  tricks. 

Most  e-mail  users  already  know  not  to 
respond  to  obviously  fraudulent  solicitations, 
such  as  get-rich-quick  schemes  or  pleas  to 
send  account  information  to  a  Nigerian  bank. 

But  what  many  users  don’t  know  is  when 
they  attempt  to  remove  themselves  from  an  e- 
mail  list  by  hitting  a  “remove  me”  link  embedded  in  a 
spam  message,  the  request  is  often  ignored  and  their  e- 
mail  address  is  automatically  added  to  additional  spam 
lists,  Falzon  says. 


While  reputable  businesses  will  respect  a  recipients 
“remove  me”  request,  users  should  be  sure  they’re 
responding  to  a  mailing  they  requested  in  the  first  place. 
“If  the  e-mail  comes  from  a  sender  you  don’t  know,  never, 
ever  respond,”  Falzon  says. 

In  theory  e-mail  users  should  soon  see  a  reduction  in 
the  amount  of  unwanted  commercial  messages  flooding 
their  in-boxes,  thanks  to  the  Controlling  the  Assault  of 
Non-Solicited  Pornography  and  Marketing  (CAN-SPAM) 
Act  that  Congress  passed  earlier  this  month.  The  bill. 

Simple  but  smart 

Implementing  these  basic  policies  can  help 

cut  down  on  spam. 

•  Establish  written  guidelines  for  how  corporate 
e-mail  addresses  and  Web  browsers  are  to  be 
used  by  employees. 

•  Educate  users  to  never  respond  to  an  e-mail  when 
the  sender  is  unknown,  even  to  remove 
themselves  from  a  mailing. 

•  Encode  corporate  e-mail  addresses  posted  on 
company  Web  sites  in  Javascript  or  HTML  to 
hinder  a  spider's  ability  to  recognize  them. 

•  Even  if  you’re  using  anti-spam  software,  urge 
users  to  report  spam  that  sneaks  through  to  a 
corporate  e-mail  address  for  further  analysis,  or 
to  the  FederalTrade  Commission. 

which  President  Bush  is  expected  to  sign  into  law  before 
year-end,  takes  an  opt-out  approach,  meaning  businesses 
can  send  unsolicited  commercial  e-mail  as  long  as  each 
message  includes  a  mechanism  for  recipients  to  request 
not  to  receive  more. 

Through  the  opt-out  mechanism,  e-mail  users  will  be 
able  to  take  their  names  off  of  mailing  lists;  however,  crit¬ 
ics  of  the  CAN-SPAM  bill  say  tracking  down  senders  who 
don’t  respect  opt-out  requests  will  be  difficult  since  many 
spammers  operate  from  overseas. 

Another  step  companies  can  take  to  help  reduce  spam 
is  to  encode  the  employee  e-mail  addresses  posted  on 
their  corporate  Web  site  so  that  spammers’ spiders  —  soft¬ 
ware  programs  that  searcfi  the  Web  for  e-mail  addresses 
—  can’t  recognize  them.  . 

“A  lot  of  spam  that  hits  companies  comes  from  having 
Web  sites  with  e-mail  addresses  of  corporate  employees 
that  get  scraped  by  spiders,” says  Amit  Asaravala,  editor  of 
Spamotomycom.an  anti-spam  online  resource  with  prod¬ 
uct  directories  and  news.  “You  can  use  Javascript  and 
HTML  encoding  so  these  spiders  can’t  as  easily  scrape 
the  e-mail  addresses.  The  e-mail  address  looks  normal 
and  acts  normal  [to  Web  site  visitors] ,  but  from  the  back 
end  you  just  see  code.’  a 
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GTAs 

Firewall  Family 


Global  Technology  Associates' firewall  family  provides  powerful 
enterprise-level  security  with  comprehensive  features  that  are  easy 
to  implement  in  most  corporate  environments.  GTA  firewall  products 
combine  a  proprietary  operating  system,  firewall  and  hardware  into 
one  easy-to-install,  self-contained  appliance  with  ICSA  4.0  Corporate 
certification.  The  multi-layers  of  features  allow  network  administrators 
to  choose  from  a  simple  plug-and-play  implementation  or  customize 
most  feature  settings  for  a  more  flexible  implementation. 
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OBSERVER 

•  Decode  over  500  protocols 

•  Long-term  network  trending  &  analysis 

-  *  Real-time  statistics 

EXPERT  OBSERVER 

•  What-lf  Modeling  Analysis 

-  •  Expert  Analysis 

.  •  Connection  Dynamics 

V  .  V.  ■ 

OBSERVER  SUITE 

jj  »  Complete  SNMP  device  management 

•  Supports  full  RM0N1,  RM0N2,  HCRMON 

•  Web  Publishing  Reports 
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Remote  &  Hardware  Options 

REMOTE  NETWORKING  PROBES 

•  Fully  distributed 

•  Monitor  up  to  64  NICs  simultaneously 

•  New  levels  of  problem  solving  collaboration 

GIGABIT  &  WAN  HARDWARE  OPTIONS 

•  Portable  analyzer  systems 

•  Rack-mount  Probes  ready  to  go 

•  Direct,  passive  link  for  independent  views 
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Test-drive  the  new  Observer  9.0  today  and  see  how  it  immediately 
finds  problems  you  didn’t  know  you  had,  optimizes  network  traffic 
and  provides  insight  for  future  planning.  Call  800-526-7919  for 
a  full  featured  evaluation  or  visit  our  website  at 

www.networkinstruments.com/nine 


Introducing  Observer  9.0 

•  New  Application  Analysis 

•  Remote  probes  now  provide  multi-interface  and 
multi-session  support 

•  Industry-first  4GB  packet  capture  buffer 

•  Wireless  Site  Survey  Modes 

•  Nanosecond  resolution 

•  Now  over  450  Expert  Events 

•  SNMP,  RM0N  and  now  HCRMON  support 


www.networkinstruments.com/nine 
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Fingerprint  Authentication  Scanner  Enterprise  KVM  Solutions 

AlterPath'“Bio  AlterPath™KVM 


Advanced  Console  Servers 

AlterPath™AGS 


Network  Management  Gateway  Intelligent  Power  Distribution  Units 

AlterPath™  Manager  AlterPath'MPM 


Cyclades'  data  center  management  solutions  offers  a  full  range 
of  security  features  across  its  entire  product  line  of  console  servers, 
power  management,  KVM,  biometric  scanner  and  network  management 
With  SSH  v2,  IP  Filtering,  strong  authentication,  event  logging  and 
data  logging,  Cyclades  can  make  your  network  into  a  secure 
heavyweight  contender  in  the  data  center  world. 


For  a  FREE  white  paper  on  data  center  security,  please  visit  us  at  www.cyclades.com/secufityvyp  i 
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Servers,  routers,  and  other  electronic  equipment  sometimes 
“lock-up,"  often  requiring  a  service  call  to  a  remote  site  just  to  flip 
the  power  switch  to  perform  a  simple  reboot... 

The  NBB  “Mini”  Boot  Bar  Power  Switch,  gives  you  the  ability  to 
perform  this  function  from  anywhere! 

■  Web  Browser  Access  for  Easy  Operation 

■  Telnet  and  Serial  Access 

■  Encrypted  Password  Security 

■  Five  Individual  Outlets 

■  Power-up  Sequencing 

■  On  /  Off  /  Reboot  Switching 

■  Versatile  Zero  U  Mounting 
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WE  MAKE  IT  HAPPEN. 

Remote  Monitoring  Solutions 

RMON  and  HCRMON  Probes 

You  want  remote  monitoring  solutions  for  visibility  into  every  part  of  your  network.  With 
.  RMON  and  HCRMON  Probes  from  Network  Instruments,  it’s  easy.  Convert  any  PC  into  a 
complete  remote  network  monitoring  data  collection  device.  Use  the  RMON  appliance 
^available  in  1U  and  4U  systems)  for  a  full  turn-key  solution.  Call  800-526-7919  for  more 
T  information  or  visit  our  website  at  www.networkinstruments.com/RMON. 


•  Full  compliance  with  RM0N1,  RM0N2  and  HCRMON 

•  High  capacity  RMON  Probes  provide  full-duplex  Gigabit 
»  capture  compatible  with  any  RMON  management  console  or 

collection  facility  (Observer,  OpenView,  Concord  , 

NetScout' ,  Micromuse™) 

•  Complete,  industry  standard,  software-based  probes  for 
.Windows  2000/XP 

•■  Software  based,  non-dedicated  data  collection 

•  Compatible  with  Network  Instruments’  optimized  ErrorTrak™ 
'  NDtS  drivers,  which  display  true  errors-by-station. 
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Wired  to  Wireless  •  LAN  to  WAN 


NETWORK 


US  &  Canada:  (952)  932-9899 

Toll  free:  (800)  526-7919 

UK  &  Europe:  +44  (0)  1959  569880 


OBSERVER 


OBSERVER 

i PROBE 


BlQBSER 


Q  ?003  Netv.  *  instruments,  LLC.  All  lights  reserved  Network  Instruments,  Observer,  ErrorTrak  and  the  Network  Instruments  logo  are  trademarks 
x  n  jisterad  trace.'  i  nks  ol  Network  Instruments.  LLC.  All  other  trademarks,  registered  or  unregistered,  are  sole  property  of  their  respective  owners 


toll  free  800  879  8795 
ph:  +  I  402  575  3000 
fax:  +1  402575  2011 


OptimumDatalnc. 


www.optimumdata.com 


#  j  ■  n  1 1  ii  ■mini 

Cisco  •  Paradyne  •  ADTRAN  •  Sun  •  Extreme  Networks 

»-«*#»  ■  • '  m  m  — — 


^  Attention  Resellers! 


SECUREMATICS 

The  Right  decision  for  Security  Products 

Best  Source  for  SONKWAUl 
Security  Products! 

•  Inventory  on  hand 

•  Aggressive  prices 

•  Added  margins  with  training 

•  Pre  sales-Post  sales  support 

Securematics  is  a  SonicWALL  Authorized  Distributor 
And  Authorized  Training  Partner. 


To  sign  up  for  the  Medalion  Partner  Program,  please  contact  us. 


Call  -  888-746-6700  sales@securematics  com  www.securematics.com 
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(800)  854*7226  •  www.wti.com 


■  Secure  Shell  (SSHv2)  Encryption 

■  Simultaneous  SSH  or  Telnet 

■  Non-Connect  Port  Buffering 

■  SYSLOG  Reporting 

■  SNMP  Capability 

■  Any-to-Any  Port  Switching 

■  IP  Security  Features 

■  10/100  Base-T  Ethernet  Port 

■  Port-specific  Password  Protection 

■  Data  Rate  Conversion 

■  11 5/230 VAC  or  -48VDC  Models 

The  SCM-16  Secure  Console  Management  Switch  provides  in-band  and 
out-of-band  access  to  RS232  console  ports  and  maintenance  ports  on  UNIX 
servers,  routers  and  any  other  network  elements  which  have  a  serial  console 
or  craft  port.  System  administrators  can  access  serial  maintenance  ports 
over  the  network  via  SSH  connections  and  simple  menu-driven  commands, 
or  through  a  discrete  TCP  port  connection  mapped  directly  to  one  of  the  Visit  website  fot  Complete  NetRedCh™  product  line. 

SCM-16  serial  outputs. 
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Telnet  Management 
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Serial  Management 


Link  Port 
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DATABASE  ENGINE  DESIGN¬ 
ER/D  EVE  LOPE  R-Quantit- 
atively-based  Financial  Manage¬ 
ment  firm  seeks  Database 
Engine  Designer/  Developer 
Duties  include  development  and 
maintenance  of  proprietary 
database  engines,  databases 
for  Company's  computer-  driven 
trading  systems  and  supporting 
accounting  systems  (including 
equities,  options  and  futures 
databases),  reporting  programs 
and  utilities.  PH  D.  in  Computer 
Science  required  Will  accept 
candidates  with  Master's  degree 
and  two  years  experience  in  job 
duties  Salary  according  to 
experience  Mail  resume  to: 
RTC:  600  Route  25A,  East 
Setauket,  NY  11733,  Attn:  RM 


Legal  Information  Services  co. 
with  head  offices  in  NYC  has 
opening  for  senior  software 
engineer  with  exp  in  VB,  OOAD 
methodology.  COM,  UML, 
DHTML,  XML,  ASP,  C++/Java, 
IIS,  ADO.  C#,  NET,  Oracle. 
Crystal  Reports  and  SQL  Server. 
Analyze,  design,  develop,  test  & 
support  web-based  e-commerce 
applications  for  MS  Windows. 
Resumes  to  HR  Dept.,  CT 
Corporation  Systems,  111 
Eighth  Ave,  NY,  NY  10011. 


Prog/Analysts  to  analyze, 
design  and  implement  appls 
using  OOAD,  C,  C++,  VC++, 
VB,  Oracle,  HTML,  SQL 
Server,  GUI  tools,  ASP, 
VBScript,  Crystal  Reports 
under  Windows,  UNIX  &  Sun 
Solaris;  perform  testing, 
debugging  and  documenta¬ 
tion  of  software  appls;  main¬ 
tain  and  support  existing 
applications.  Require:  B.S.  or 
foreign  equiv.  in  CS/Engg. 
(any  branch)  &  2  yrs  exp.  in 
IT.  Travel  involved.  F/T.  Comp, 
salary.  Responses  to:  HR, 
Ciphertrust,  Inc.,  4800  North 
Point  Parkway,  Ste  400, 
Alpharetta,  GA  30022. 


SBI  is  looking  for  the  following 
positions  for  its  offices  in 
Houston,  TX,  San  Francisco. 
CA.  Warren.  NJ,  Salt  Lake  City, 
UT  and  Portland.  OR:  Art 
Director,  Web  Designer, 
Programmer  Analysts,  Technical 
Architects,  Technical  Consul¬ 
tants,  Business  Strategists, 
Systems  Analysts,  Software 
Engineers,  Software  Deve¬ 
lopers,  SAP  Consultant, 
resumes  by  email  or  fax  only  to 
HR,  SBI  2825  East  Cottonwood 
Parkway,  Suite  480,  Salt  Lake 
City,  UT  84121: 

careers@sbiandcompany.com; 
Fax  (801)  733-3201. 


A  Call 
To  Action! 

Take  the  hassle  out  of 
searching  for  the  right 
candidate  and  contact  us 
at  (800)  762-2977. 

We  can  place  your 
message  in  front  of  2/3  of 
all  US  IT  professionals. 
Call  (800)  762-2977 
www. itcareers.com 


Software  Engineer.  Sought  by 
Englewood  Colorado  consulting 
company  to  work  in  various 
unanticipated  locations  through¬ 
out  the  U.S  Duties:  Research, 
design  and  develop  computer 
software  systems  in  conjunction 
with  hardware  product  develop¬ 
ment.  Analyze  software  require¬ 
ments  to  determine  feasibility  of 
design  within  time  and  cost 
restraints.  Consult  with  clients 
to  define  needs  or  problems. 
Use  of  Oracle  8i,  Bounds  check¬ 
er.  Visual  Studio,  C,  C++,  Java, 
SQL  and  Windows  NT.  Reqs. 
Bachelor  or  equivalent  in 
Computer  Science,  Computer 
Engineering  or  related  field. 
Plus  6  months  in  the  job  offered 
or  6  months  in  a  related  occupa¬ 
tion,  including  Programmer 
Analyst.  $46, 634. 00/year,  40/ 
hrs/wk,  8AM-5PM.  Respond 
by  resume  to  EMPLOYMENT 
PROGRAMS,  PO  Box  46547, 
Denver,  CO  80202,  and  refer  to 
Job  Order  No.  C05062096  . 


Departmental  Information 
Systems  Specialist 

To  provide  technical/user  sup¬ 
port  for  computer  sys.  within 
assigned  dept.;  analyzes,  writes 
and  maintain  web-based  data¬ 
base  apps.  to  increase  operating 
efficiency  with  ASP,  UML,  Stored 
Procedures,  Content  Mgmt  and 
SharePoint  server  skills. 
Req.M.S.  degree  in  CS,  CIS  or  a 
related  field,  proficiency  in 
ASP.net,  Oralce  PL/SQL  & 
WHS.  40hrs/wk.  Send  resume 
to  HR.  6000  N.  Terminal  PKWY, 
Atrium,  4th  Floor,  Atlanta,  GA, 
30320.  Fax:  (404)  305-7950. 


Prog/Analysts  to  analyze, 
design,  test  client  server/web 
appls  with  OOAD  methodolo¬ 
gies  using  Java,  VB,  EJB, 
Servlets,  JScript,  XML,  HTML, 
Oracle,  SQL,  JDBC,  Access, 
Weblogic,  etc  in  Windows  OS; 
analyze  business  processes, 
determine  reqs,  generate 
reports;  perform  onsite/offsite 
maintenance;  document, 
debug,  test,  perform  code 
optimization.  Require:  BS  or 
foreign  equiv.  in  CS/Engg 
(any  branch)  &  2yrs  exp.  in  IT. 
Competitive  salary.  Travel 
involved.  F/T.  Resume  to:  HR, 
Bahwan  Cybertek  Tech¬ 
nologies,  Inc.,  209  West 
Central  Street,  Ste  312,  Natick, 
MA  01760. 


Seeking  qualified  applications 
for  the  following  positions  in  Des 
Moines,  Iowa  and  Dallas,  TX: 
Senior  Programmer  Analyst. 
Analyze,  design,  test,  dataware¬ 
housing  software  applns  using 
Cognos,  Teradata,  Informatica, 
DB2,  JAVA.  HTML,  on  UNIX, 
MVS,  Windows  OS:  gather,  doc¬ 
ument  reqs  from  user  communi¬ 
ty:  test,  trouble  shoot  project 
appln  code  according  to  system 
objectives.  Requires:  BS  or  for¬ 
eign  equiv.  in  CS/Engg. (any 
branch)  &  3  years  of  IT. 
Competitive  salary.  F/T.  Travel 
Involved.  Resume  to  HR,  ITCell 
Inc,  14200  Midaway  Rd,  #  135, 
Dallas,  TX  75038.  EOE  M/F/DA/. 


PROGRAMMERS/ENGINEERS 
needed:  Several  Sr.  and  Mid 
Level  positions  available  for 
qualified  candidates  possessing 
MS/BS  &  relevant  work  experi¬ 
ence.  Work  with  COBOL,  JCL, 
VSAM,  DB2,  CICS,  ORACLE. 
JAVA,  SERVLETS,  XML,  EJB, 
C++,  VC++,  SYSTEM  ADMIN, 
DBA's,  SAP.  Seibel,  PeopleSoft 
and  Technical  Recruiters. 
Please  mail  resume  to  Attn:  HR 
Dept.  LanceSoft  Inc,  1922 
Ingersoll  Ave  Suite  #3011,  Des 
Moines,  IA  50309 


Element  Manager  Software 
Developers  needed  to  design 
and  implement  Network 
Management  System  software 
for  Cisco  devices  using  Cisco 
Element  Management  Frame¬ 
work  for  communications  cus¬ 
tomers.  Develop  system  soft¬ 
ware  using  C++,  Unix  and 
Object  Oriented  design  and 
development  methodologies. 
Design  management  system 
software  by  analyzing  Manage¬ 
ment  Information  Base(MIB). 
Develop  Network  Management 
System  software  using  Simple 
Network  Management  Protocol 
(SNMP)  and  other  protocols. 
Provide  technical  support  for 
customers  and  serve  as  techni¬ 
cal  resource  for  junior  engi¬ 
neers.  Requires  a  Bachelor's 
degree  in  Computer  Science, 
Engineering  or  related  field  and 
three  years  experience  as  a 
Software  Engineer,  Programmer 
or  Analyst.  Experience  must 
include  one  year  of  experience 
developing  Element  Manager 
Software  using  Cisco  Element 
Manager  Framework.  To  apply 
please  send  resume  to  Angie 
Lebitz,  Cyberwerx,  Inc.  13000 
Weston  Parkway,  Suite  109, 
Cary,  NC  27513. _ 


Pool  Cover  manufacturing  com¬ 
pany  requires  Programmer/ 
Analyst:  Duties:  Design,  devel¬ 
op,  test,  debug,  and  implement 
in-house  software  applications 
in  the  areas  of  Production  man¬ 
agement,  Accounting  and  Sales. 
Thorough  Oracle  RDBMS  expe¬ 
rience  using  FoxPro,  Visual 
FoxPro,  Windows  Script 
Hosting,  VBA,  and  SQL.  Exp¬ 
erience  creating  COM  objects 
and  connections  to  AutoCad. 
Create  Web  based  applications 
using  Visual  FoxPro.  Req¬ 
uirements:  A  Bachelors  Degree, 
in  Math,  or  Sci,  or  Comp.  Sci. 
,or,  Engg.,  (or  equivalent),  and 
two  years  experience  in  the  job 
offered  or  related  occupation. 
40hrs/wk,  M-F,  8:00AM  to 
5:00PM.  Job  to  be  performed  in 
Trenton,  NJ.  Send  resumes  to: 
Operations  Manager,  Merlin 
Industries,  Inc.,  70  Culbertson 
Avenue,  P.O.  Box  570,  Trenton, 
NJ  08604. 


Software  Engineer:  Provide 
business  intelligence  reporting, 
database,  ETL  (Extract 
Transformation  &  Loading),  data 
warehouse  &  Java  expertise  to 
develop  cutting-edge,  J2EE 
enterprise  software;  perform 
complex  data  warehouse  design 
&  programming  tasks;  create 
technical  specification;  perform 
design  process  &  code  review; 
perform  maintenance  & 
enhancement  of  software  com¬ 
ponents  &  unit  testing.  Reqs: 
B.S.  in  Comp  Sci,  Info  Sys  or  a 
related  field.  2  yrs  exp  in  job 
offered.  Prof  in  UNIX,  Windows 
NT/2K,  Informatica,  Reporting 
tools,  Oracle,  SQL,  HTML, 
DHTML,  Java,  J2EE,  Java¬ 
Script,  JSP.  Servlets,  JDBC, 
Source  Management,  Star 
Schema  design  &  00  method¬ 
ologies.  40hrs/wk.  Send  res.  to 
box  V-1,  P.O.  Box  17182,  Phila., 
PA  19105. 


Database  Admr.  (4  openings): 
Analyze,  design  software  & 
hardware  requirements.  Install, 
adm.  Oracle  databases  in  HA 
cluster.  Support  OPS,  Adm. 
OAS.  Database  recovery. 
RMAN  backup,  Datastage, 
ERWIN,  Reportwriter,  Forms, 
Replication  Mgr.,  Pro'C,  Shell 
Scripting.  Use  Solaris,  HP-UX, 
AIX,  DEC-Alpha,  NT.  Req. 
Bachelor's  or  its  foreign  degree 
equiv.  in  CS,  Mathematics  or 
other  Engg  or  science  field  +  1 
yr  exp.  in  job  offered.  40  hr/wk 
Resume  to:  HR  Mgr,  Omnisoft, 
Inc.,  1265  Compass  Pointe 
Crossing,  Alpharetta,  GA  30005 


FT  Project  Manager.  Multiple 
positions.  Responsibilities  incl¬ 
ude:  Manage  the  design,  devel¬ 
opment  and  implementation  of 
multi-tier  client/server,  Internet/ 
Intranet  based  systems,  multi¬ 
user.  re-engineering  applica¬ 
tions  for  insurance  companies 
utilizing  Legacy  Mainframe 
Insurance  Applications  including 
Vantage-One.  ACES,  DSS,  RPS 
and  PREMIER  systems;  man¬ 
age  systems  analysts  designing 
systems  with  tools  including 
DADS,  SAVRS.  SAR.  APC, 
PanApt,  CompareX,  Spufi, 
Dclgen,  QMF,  Dispatch  and 
RDS,  and  Internet-based  appli¬ 
cations  with  HTML,  JAVA, 
JDBC,  JavaScript,  JSP,  and 
XSLT:  manage  user  acceptance 
tests  and  user  training.  Must  be 
willing  to  travel  to  client  sites 
Monday-Friday.  Must  have  a 
Master's  Degree  or  foreign  or 
educational  equivalent  in 
Computer  Science,  Engineering 
or  a  related  field  and  three  years 
of  experience  as  a  systems  ana¬ 
lyst  or  in  a  related  occupation,  or 
a  Bachelor's  Degree  or  foreign 
or  educational  equivalent  in 
Computer  Science,  Engineering 
or  a  related  field  and  five  years 
of  progressive  experience  as  a 
systems  analyst  or  in  a  related 
occupation.  If  interested,  submit 
resume  in  duplicate  to: 


Ms.  Sandy  Pruitt 
NIIT  (USA),  Inc. 

1050  Crown  Pointe  Parkway, 
Suite  500 

Atlanta,  GA  30338 


Computer.  Moneyline  Telerate  a 
leading  financial  information  ser¬ 
vices  firm  seeks  VP/Global 
Trading  Systems  for  NYC  office 
to  direct  /develop  software 
strategies  for  management  of 
data  distribution  systems.  Rpts 
directly  to  CTO.  Req'd  BA  in 
CSc/EE/  related  area,  3  yrs  exp. 
in  building  global  scalable  real 
time  equity  and/or  fixed  income 
systems,  w/full  life  cycle  dvlpmnt 
from  inception  to  delivery,  initiat¬ 
ing  devising,  monitoring,  review¬ 
ing  strategic  plans,  &  performing 
gap  analysis  to  ensure  that 
dvlpmnt  projects  meet  long- 
range  financial  goals.  7  years 
exp  req'd  w/IBM  MQ  Series, 
Tibco  TIB  &  Rendezvous,  Hawk 
System,  Triarch,  SmartSocket, 
IP  multicast,  STAMP/FIX/JMS  & 
mathematical  optimization  algo¬ 
rithms,  data  compression  algo¬ 
rithms,  data  encryption  &  securi¬ 
ty  on  distributed  systems;  in 
overseeing  through  intermediate 
management  the  design  &  cre¬ 
ation  of  detailed  software  sys¬ 
tem  specifications;  &  in 
researching/implementing  best 
practices  in  dvlpmnt  strategies. 
No  search  firms.  Send  e-mail 
w/resume  &  comp  rqmts  to 
recruiting@moneyline.com 


Riversand  Technologies,  Inc., 
specializes  in  providing  solu¬ 
tions  in  the  areas  of  Product 
Data  Management  and  services, 
custom  product  development 
and  B2B  integrations.  We  are 
currently  looking  for  the  follow¬ 
ing: 

Systems  Analysts:  Analyze, 
design,  develop,  test,  and  imple¬ 
ment  B2B/Enterprise  Application 
Integration  packages  and 
Distributed  Applications  Used 
UML.  C #,  VB.NET,  ASP.NET, 
SQL  Server,  XML  WebServices. 
SAP  Modules  and  Data 
Warehousing  tools.  Involved  in 
Database  Development  by 
Writing  and  Implementing 
Packages.  Stored  Procedures 
Triggers  and  Functions  using 
PL/SQL.  Need  Bachelor's 
degree  in  Computers  or 
Engineering  or  a  related  field 
Need  2  years  of  experience 

Send  Resume  to  HR  Manager 
Riversand  Technologies,  Inc 
13405,  NW  Freeway  Suite  228 
Houston,  TX  77070  or  via  e-mail 
at  HR@Riversand.com 


Client-Server  Developer.  Req  j 
uirements:  Experience,  with 
Federal  Vehicle  Identification 
Software  and  Requirements, 
Microsoft  MTS,  Visual  Interdov. 
IIS,  Great  Plains  eEntarprise 
5.0+,  andCitrix  Winframe/ 
Metaframe.  Ability  to  prioritize 
and  schedule  deliverables,  and 
to  communicate  clearly  in 
English,  orally  and  in  writing, 
with  co-workers  and  outside 
resources;  3  years  of  Client- 
ServerApplication  Development 
in  MS  WinNT/2000/SQL  Server 
Environment.  The  job  duties  are: 
Client-Server  application  devel¬ 
opment,  testing,  implementation 
and  maintenance  of  a  custom 
order  entry/vehicle  registration 
application  in  a  Microsoft 
Windows  NT/2000/SQL  Server 
environment.  Work  closely  with 
management  to  review  develop¬ 
ment  strategy  and  project  plans, 
with  users  to  identify  and  priori¬ 
tize  bug  fixes  and  application 
enhancements,  and  with 
Database  Administrator  to  opti¬ 
mize  application  performance. 
Maintain  application  version 
control.  Requires  B.S.  in 
Computer  Science  or 
Engineering,  or  equivalent,  and 
a  minimum  of  5  years  experi¬ 
ence  in  Software  Application 
Development.  40  hours  per 
week  at  $95,222  per  year. 
Please  send  2  copies  of  resume 
to  Case  #200203118,  Labor 
Exchange  Office,  19  Staniford 
St,  1st  Floor,  Boston,  MA  02114. 


NYFIX,  Inc.  seeks  Software 
Engineers  w/MS  in  Comp  Sci  or 
equiv  &  3yrs  exp 

*  Dsgn,  dvlp  &  test  real-time 

financial  trading  systems  in  C++ 
cross-platform  envrmt. 

Relational  theory,  ACID  sys¬ 
tems,  db  schemas,  stored  proc., 
queries  &  triggers  in  Oracle  & 
Sybase.  Exp.  supporting  live 
production  systems,  OOA/OOD, 
Win,  Solaris,  Boost,  STLPort; 
msg  &  storage  systems,  XML, 
UML,  crypt.,  code  optmise., 
algoritms  &  dsgn  patterns. 
Equities  exp.  Worksite  NYC. 
(Job#  3019) 

*  Dsgn  &  dvlp  proprietary 
applies:  Real-time  complex 
multi-tier  applic  in  C++  on 
Windows  NT/CE  &  Sun  Solaris. 
Dsgn,  implmt  &  integrate  GUI. 
C,  C++,  Visual  C++,  MFC, 
MQSeries,  TCP/IP,  Socket  & 
Multi-threaded  programming, 
Shell  Scripting,  Perl,  UML, 
Rational  Rose,  Oracle,  Sybase, 
Windows  &  Pocket  PC  envrmt. 
MS  Comp  Sci  or  equiv.  Worksite 
Stamford,  CT.  (Job#  3018) 

Mail  R  &  CL  referencing  Job  #  to 
NYFIX,  Inc.  HR  Dept,  333 
Ludlow  Street,  Stamford,  CT 
06902. 


Programmer  Analyst 
Responsible  for  Analysis, 
Design.  Development  and 
Implementation  of  various  sys¬ 
tems  using  CRM  Configuration 
tools,  Siebel,  Siebel  VB.  Siebel 
Tools,  Clearbasic,  and  UlEditor. 
Develop  business  processes  in 
Siebel  2000  eBusiness  applica¬ 
tions  and  Clarify  eBusiness 
applications.  Very  good  function¬ 
al  knowledge  of  Call  Center  and 
Billing  Solutions  process  need¬ 
ed  Bachelors  Degree  in 
Computer  Science  or  relevant 
field  with  4  Years  of  work  experi¬ 
ence  in  related  occupation.  49 
Hrs./Week.,  $70, 000/annum. 
Must  be  willing  to  relocate  to 
various  unanticipated  work  loca¬ 
tions  throughout  the  USA  every 
4  to  10  months,  employer  paid. 
Must  have  proof  of  legal  author¬ 
ity  to  work  in  the  United  States. 
Send  your  resumes  to  the  Iowa 
Workforce  Center,  215  Watson 
Powell  Jr.  Way,  #100,  Des 
Moines,  Iowa  50309-1727 
Please  refer  to  Job  Order 
IA1101810.  Employer  paid 
advertisement. 
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Engineering  Specialist.  Consult 
with  advise  customers'  project 
team  during  startup  to  determine 
3/ware  8  systms  specs,  usage  8 
setup.  Analyze  8  handle  practi¬ 
cal  issues  8  dsgn,  dvlp  8  plan 
workshops  relating  to  usage  of 
comp  syslms/prgms.  Define/ 
plan  startup  activities  for  cus¬ 
tomers'  project  technical  team 
Analyze  faults/recommend 
s/ware  8  systm  modifications. 
120-160  days  travei  required  per 
year  Req.:  Bach  degree  or  for¬ 
eign  equiv.  in  Comp  Sd  or  Engg. 
2  yrs.  exp  in  job  offd  or  as  Comp 
or  Electronics  Engr.  Working 
knowl.,  through  academic 
coursework  or  exp,  of  C  prgmg. 
UNIX,  network  communication  8 
distributed  transaction  based 
systms.  2  yrs.  exp.  in  the  follow¬ 
ing,  which  may  have  been 
obtained  concurrently:  project 
mgmt,  tech  analysis,  installation 
troubleshooting,  systm  testing  8 
creating  practical  solutions;  cus¬ 
tomer  support  8  conducting 
structured  customer  training; 
documentation-dsgn  8  cre¬ 
ation/maintenance  of  product 
spec  8  user  manuals;  8  logical 
dsgn  8  testing  of  complex  inte¬ 
grated  systms.  Resume:  Mr. 
Shane  O'Toole,  CCI  Europe, 
Inc.,  1701  Barrett  Lakes  Blvd., 
Ste.  380.  Kennesaw,  GA  30144. 


Programmer 

4D  software  application  devel¬ 
opment  by  using  OpenGL,  VB. 
VC++,  Java,  Java  Swing,  FOR¬ 
TRAN,  C.  OOA/OOD,  OO 
Programming,  UML.  Rational 
Rose.  Database  programming, 
Access.  SQL,  GUI  design,  GIS. 
Windows  and  Unix  system.  M  S. 
in  CS  or  rel.  8  2  yrs.  of  exp.  in 
above  pos.  or  rel.  with  abil.  to 
use  3D  plant  design  application, 
OpenGL,  VB,  VC++,  Java.  Java 
Swing.  FORTRAN,  C,  OOA/ 
OOD,  OO  Programming.  UML, 
Rational  Rose,  Database  pro¬ 
gramming,  SQL.  Access,  GUI 
design.  Visual  SourceSafe,  GIS, 
Installshield  Prof.,  Installscript, 
Primavera  Suretrak,  VMware 
Workstation,  Windows  and  Unix 
system.  40.0  hr/wk.  9-5.  Send 
resume  to:  Amadeus  Burger, 
Pres..  Construction  Systems 
Associates.  Inc..  425  Franklin 
Road,  Ste.  520,  Marietta,  GA 
30067 


Corpus  has  multiple  openings 
for  IT  professionals.  Following 
skills  preferred:  Oracle,  SQL, 
PL/SQL,  COBOL,  C/C++.  VB, 
SAP,  Java.  XML,  ERP,  ASP,  NT, 
XSL.  Minimum  BS  degree. 
Traveling  is  required  for  some 
positions.  Please  send  resumes 
to  resumes@corpuslnc.com. 
EOE. 

Argent  LLC  is  looking  for  pro¬ 
grammer/system  analyst,  soft¬ 
ware/project  engineers.  Duties 
include  software  8  system  appli¬ 
cation  design.  Skills  in  C/C++, 
Java,  PL/SQL,  Oracle  are  plus. 
Travel  required  for  some  posi¬ 
tions.  Degree  is  a  must.  Contact 
achauhan@argentinfotech.com 
EOE 


PROGRAMMER  ANALYSTS 
req'd  for  Naperville, IL  office. 
Develop  software  applications 
using  C,  C++,  VB,  Delphi,  ASP, 
XML.  UML,  Coolgen, 
Interwoven,  Oracle,  PL/SQL, 
Developer  2000  8  Designer 
2000  Bachelors  req'd  in 
Computers,  Engineering,  Math 
or  related  field  of  study  +1  yr  of 
related  exp  40  hrs/wk.  Must 
have  legal  authority  to  work  per¬ 
manently  in  the  U  S.  Send 
resume  to  HR  Manager. 
Sapphire  Technology  Solutions. 
Inc.,  2727  Walsh  A v  Ste  #  207, 
Santa  Clara,  CA-95051 


Software  Developer  I  -  Business 
Tier:  Perform  product  design, 
bug  verification  and  beta  support 
in  a  J2EE  environment  using 
Java,  JDBC.  EJB,  RMI,  SQL  and 
UML  Develop  business  compo¬ 
nents  using  design  patterns. 
Conduct  systems  analysis  and 
product  development  throughout 
the  full  development  life  cycle. 
B.S.  in  CS,  Information  Science, 
EE  or  related.  Must  have  the 
ability  to  use  Java,  JDBC,  EJB, 
RMI,  SQL,  UML  and  design  pat¬ 
terns.  M  S.  accepted  in  lieu  of 
B.S.  40  hrs/week.  9am-5pm 
Positions  available:  multiple. 
Resume  to:  Mr.  Vichael  Fleming, 
Vice  President  of  Engineering, 
EPL  Inc.,  22  Inverness  Center 
Parkway,  Suite  400, 
Birmingham,  AL  35242. 
jobs@epl.net 


JAVA  Developer:  Implement  and 
document  J2EE  software  using 
knowledge  of  EJB,  JMS,  JNDI, 
JTA  and  SOAP.  Resolve  issues 
with  specs  and  integrate  items 
using  knowledge  of  operating 
systems:  AIX  5.1,  Solaris  8, 
Windows  2000.  Languages: 
Java  (JDK1.2  and  above),  XML, 
SQL.  Database:  Oracle  9i. 
Modeling  tools:  Rational  Rose 
Enterprise  Edition  7.5, 
UniysysRoseXML  Tools.  App- 
servers/Webservers:  Weblogic 
6.1sp5  and  above,  Websphere 
5.0,  Tomcat  4.0.6.  Version  con¬ 
trols  PVCS,  CVS.  XMLParcser: 
SAX,  JDOM,  Xerces.  Debugging 
tools:  EzSQL.  XMLTools: 

XmlSpy  4.0.  Master's  plus  exp. 
required.  Competitive  salary. 
Resumes  to  Worksuite  LLC, 
(Emily),  20405  St.  Hwy  249, 
#600,  Houston,  TX  77070. 


Programmer 

Maintenance  of  databases: 
Pervasive  Btrieve  and 
PervasiveSQL  v8l,  Oracle  9i. 
JDBC,  ODBC,  Oracle's  OCI  and 
OCCI.  ADO/OLE  DB  and  PDAC. 
SAG  CLI  Connectivity.  B.S.  in 
CS,  Data  Proc.  or  rel.  w/abil.  to 
use  FreeBSD  releases  4.x  and 
5.x.  Mandrake  Linux  v7.1,  ANSI 
Common  LISP,  C/C++  using 
Yacc  and  Lex  utilities.  Perl, 
ActivePerl,  PHP,  Rogue  Wave 
Tools. h++.  Resume  A-Soft 
Scientific,  P.O.  Box  1270, 
Roswell,  GA  30077. 


PROJECT  MANAGER  sought 
by  NJ-based  Int'l  Logistics  8 
Freight  F/wdg  Co.  for  job  loc  in 
Hamden,  CT.  Req'd  to  dvlp  8 
refine  plans  in  the  dsgn,  imple¬ 
mentation  8  integration  of 
KN/USCO  architecture  8  dvlpmt 
of  software  progs,  for  bus.  trans¬ 
actions.  Must  have  Bach  Deg  in 
Comp  Sci  (or  equiv)  and  3  yrs 
exp  in  job  offd.  Must  be  exp’d  in 
RUP  methodologies,  J2EE  8 
Rosetta  Net  Standards.  Send 
resumes  to:  Director,  Arch  8 
Planning,  USCO  Logistics,  Inc., 
One  Hamden  Center,  2319 
Whitney  Ave  .  Hamden,  CT 
06518. 


Software  Developer  w/ 
Bachelors  in  Computer 
Science/  Engineering 
and  2  years  exp.  want¬ 
ed  in  Houston,  TX. 
Respond  to: 
hr@thesystemshop  com 


Software  Eng.  to  develop  BPM 
Software  on  J2EE  platform  w / 
JDBC  compliant  database. 
Programming  using  Microsoft 
SQL  Server  2000/7.0.  MySQL 
and  PostgreSQL  on  Windows 
NT,  UNIX  8  Linux  platforms. 
Design  8  test  applications  using 
HTML,  DHTML.  XML,  Java. 
JSP,  Servlets,  Java  Scripts. 
EJB,  RMI,  CORBA.  ASP, 
JavaScript,  Velocity  templates  8 
Jetspeed.  Utilize  Internet 
Information  Servers,  Photoshop 
8  Illustrator  for  front-end  graph¬ 
ics.  Use  UML  for  application 
model  8  LDAP  for  ADS.  Comp, 
salary.  BS  in  Computer  Science 
with  +  2  yr.  exp.  Open  Systems, 
4005  Windward  PI.,  #  550, 
Alpharetta,  GA  30005  with  proof 
of  perm,  work  auth. 


Senior  Business  Analyst/ 
Programmer  Assist  health  orga¬ 
nizations  develop  the  steps  to 
comply  with  the  HIPAA,  assess 
the  current  environment,  provide 
recommendations  for  achieving 
HIPAA  compliance  within  the 
required  time  frames,  and  pro¬ 
vide  remediation  assistance  and 
training.  Provide  leadership  and 
direction  to  project  teams  and 
client  staff  regarding  HIPAA 
Privacy  and  Security.  -  2  yr 
experience  in  using  exchange, 
eGate,  elnsight  for  implementing 
EDI  transaction/Experience  in 
using  system  development  life 
cycle  methodology  approach/ 
Experience  with  mainframe  plat¬ 
form  (COBOL,  CICS,  ADABAS, 
NATURAL  VSAM,  DB2  and 
JCL).  Base  Salary  $65000. 
Send  application  and  resume 
to:  LB  Infosys.  1300  Edgewater 
Dr  #306. Pierre,  SD  57501. 


IT  Service  Coordinator  wanted 
to  develop,  design,  analyze,  and 
modify  web-based  and  applica¬ 
tion  software.  Provide  routine 
solutions  and  analyses.  Plan 
web-site  development  and 
establish  and  maintain  web 
server.  Programming  internal 
application  and  related  IT  strate¬ 
gy  planning.  BS  in  Computer 
Science  and  related  experience 
required.  Send  resume  to  HR 
Dept.,  Mississippi  Home 
Corporation,  735  Riverside 
Drive,  Jackson.  MS  39202. 


Software  Engineers:  Analyze, 
design,  develop  8  deploy  apps. 
in  SAP  R/3  Modules  (MM,  SD, 
WM,  PP.  PM,  FICO  8  HR)  and 
related  technologies  (ABAP/4, 
ALE,  EDI,  IDOCS,  ITS),  SAP 
BW,  Oracle,  SQL  Server  and 
Visual  Basic.  Send  resume  to 
HR,  InfoWeb  Systems,  Inc., 
3435  Asbury  Road,  Suite  175, 
Dubuque,  IA  52002.  EOE. 


Falcon  Farms,  a  fresh  cut 
flower  importer  seeks: 
Computer  Programmer: 
Develop/implement  appli¬ 
cations  for  long-term  deci¬ 
sion  making,  optimum  pro¬ 
ductivity,  train  users.  BS  in 
Comp.  Sc./Syst.  Engr  w/rel. 
exp.  Resume  to:  Ref#  202, 
HR.,  1401  NW  78  Av, 
Miami,  FL  33126 


Software  Developer  I 
Presentation  Tier:  Perform  GUI 
design,  product  development 
and  defect  resolution  in  a  J2EE 
environment  using  Java.  Struts, 
Taglibs,  JDBC.  SQL  and  XML. 
Develop  web  components  using 
MVC  architecture.  Participate  as 
a  project  team  member  through¬ 
out  the  full  software  develop¬ 
ment  life  cycle.  B.S.  in  CS, 
Information  Science,  EE  or  relat¬ 
ed.  Must  have  the  ability  to  use 
Java,  Struts,  Taglibs,  JDBC, 
SQL  and  XML  and  MVC  archi¬ 
tecture.  M.S  accepted  in  lieu  of 
B.S.  40  hrs/week,  9am-5pm 
Positions  available:  multiple. 
Resume  to:  Mr.  Vichael  Fleming, 
Vice  President  of  Engineering, 
EPL  Inc.,  22  Inverness  Center 
Parkway,  Suite  400, 
Birmingham,  AL  35242. 
jobs@epl.net 


Seeking  qualified  applicants  for 
the  following  positions  in 
Collierville,  TN:  Senior  Bus¬ 
iness  Application  Analyst.  Act 
as  liaison  between  technical 
developers  and  users/cus¬ 
tomers.  Requirements:  Bache¬ 
lor's  degree  or  equivalent*  in 
computer  science,  business, 
math,  statistics  or  related  field 
plus  5  years  of  experience  in 
analyzing  business  systems  and 
developing  technical  automated 
solutions.  Experience  with  Java 
or  C++;  development  of  n-tiered 
object-oriented  applications;  and 
either  Cobol,  DB2  or  CICS  also 
required.  ‘Master's  degree  in 
appropriate  field  will  offset  2 
years  of  general  experience. 
Submit  resumes  to  Sibi  George, 
FedEx  Corporate  Services, 
1900  Summit  Tower  Blvd.,  Suite 
1400,  Orlando,  FL  3281 0.  EOE 
M/F/D/V. 


PROGRAMMER  ANALYSTS  for 
Hickory  Hills,  IL  office.  Design  8 
Develop  software  applications 
using  Oracle,  XML,  UML,  C++, 
Sybase,  Interwoven,  Coolgen, 
ClearCase,  ClearQuest,  PVCS, 
UNIX.  Bachelors  req'd  in 
Computers,  Engineering,  Math 
or  related  field  of  study  +1  yr  of 
related  exp.  40  hrs/wk.  Must 
have  legal  authority  to  work  per¬ 
manently  in  the  U.S.  Send 
resume  to  HR  Manager,  Compro 
Consulting  Group,  Inc.,  8619  W 
95th  St..  Hickory  Hills,  IL  60457. 


Paradigm  Infotech  is  looking  for 
programmer/system  analysts, 
s/w  engineers.  Candidate  must 
have  BS  with  at  least  one-year 
IT  experience.  Good  skills  in 
C/C++,  Java,  Oracle,  WebLogic, 
VB,  HTML,  ERP  are  plus. 
Traveling  is  required.  Apply 
jobs@paradigminfotech.com. 
EOE 

Logic  Solutions  looks  for  IT  pro¬ 
fessionals.  Applicants  must  have 
MS/BS  with  minimum  1  -yr  exp. 
Duties  include  administer  8  set 
up  WebSphere,  IBM  HTTP  serv¬ 
er,  Apache,  iPlanet  and  Tomcat 
web  servers  for  commercial  web 
sites  on  Windows,  Solaris. 
Contact  hr@logiclink.com 


Management  Analyst  with  expe¬ 
rience  to  research  and  develop 
short  as  well  as  long  term  plans 
and  business  strategies  for  soft¬ 
ware  development  to  include 
outsourcing  of  software  develop¬ 
ment  services  and  business 
processes.  Research  market 
conditions  and  forecast  trends 
for  SAP  and  Oracle  ERP  solu¬ 
tions  and  services.  Working 
Knowledge  of  COGNOS  and 
Microsoft  Project  is  preferred. 
Position  requires  Bachelor's 
degree  in  Management  or  relat¬ 
ed  field  and  atleast  3-5  years 
related  work  experience.  Send 
resume  to  Rashi  Information 
Services  Inc,  214  Senate 
Avenue,  Camp  Hill,  PA  17011 
Attn  Ravi  Jaganmohan. 


S/W  Engineers  to  design, 
develop/maintain  web  and 
CRM  appls  using  Java,  VB, 
Oracle,  Dev  2000,  SQL,  JSP, 
Clarify  Suite  of  Products, 
Weblogic  on  Windows  8  UNIX 
OS;  provide  training  8  user 
support  for  the  systems  and 
related  appln  internally  8  to 
clients;  test,  debug  and  mod¬ 
ify  existing  software.  Require: 
MS  or  foreign  equiv  in 
CS/Engineering(any  branch) 
8  1  yr  exp.  in  IT.  F/T.  High 
Salary.  Travel  involved. 
Resumes  to  HR,  ABZ 
Consulting,  Inc.,  2600  Century 
Prkwy,  Ste  100,  Atlanta,  GA 
30345. 


Sr  Systems  Analysts  to  man¬ 
age  projects  to  design,  devel¬ 
op,  test,  implement,  maintain 
and  support  business  appls 
using  Oracle  Financial  and 
Manuf  appls,  Oracle,  SQL, 
Dev  2000  in  Windows/UNIX 
envir;  plan,  direct,  coordinate 
activities  of  projects  on-time 
and  on-budget;  analyze  busi¬ 
ness  reqs  of  clients  and  re¬ 
engineer  business  appls. 
Require:  Master’s  in  CS/ 
Business  and  1  yr  exp  in  IT. 
Travel  involved.  F/T  position. 
Competitive  salary.  Resume 
to:  HR,  Quest  America,  Inc., 
211  East  Ontario  Street,  Suite 
1800,  Chicago,  IL  60611 


BUSINESS  ANALYST.  Keller. 
Texas.  Require  Bachelor's 
degree  in  a  technical  discipline 
such  as  engineenng,  physics  or 
math  8  MBA,  data  modeling  and 
data  analysis  experience.  8 
graduate  course  work/project  or 
previous  work  experience  using 
statistics  software  applications. 
Send  resume  to  Coming  Cable 
Systems,  LLC,  Attn:  Human 
Resources  Manager,  9275 
Denton  Highway,  Keller,  Texas 
76248.  NO  PHONE  CALLS 
PLEASE. 


Systems  Analyst 
Analyze,  design,  and  deploy 
customized  IT  solutions  based 
on  a  client's  needs  and  business 
environment.  Must  have 
Bachelors  Degree  or  foreign 
equiv.  in  Computer  Science  or  in 
a  related  field  8  1  yr.  exp.  or  1  yr. 
exp.  in  a  related  position  w/abili- 
ty  to  use:  OS  Windows,  C#, 
MDX,  OLAP,  and  XML  and  must 
be  willing  to  travel  and  relocate. 
40.0  hrs./wk  9:00  AM  -  6:00  PM 
Applicants  send  cover  letter  and 
resume  to:  SRA  Systems,1945 
Cliff  Valley  Way,  Suite  270. 
Atlanta,  GA  30329,  Attn:  S. 
Nagarajan 
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www.itcareers.com 

is  the  place  where  your 


fellow  readers  are  getting 
a  jump  on  even  more  of 
the  world's  best  jobs. 

Now  combined  with 
CareerJournal.com, 
you  have  more  jobs 
to  choose  from. 

Stop  in  for  a  visit  and 
see  for  yourself  at: 
www.itcareers.com 
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Struggling 

with 
IT  Service 
Management 

issues? 


Turn  to  slm-info.org — THE 

for  guidance  and  information 


SOURCE 

on  SLM. 


Site  Founder 


ENTERPRISE  MANAGEMENT 

ASSOCIATES 


Sponsorship  Opportunities 


Commitments  to  service  level  management  (SLM)  initiatives  are  on  the  rise  in  organizations  of  all  kinds. 
The  challenge  for  most  IT  professionals  is  finding  a  way  to  implement  SLM  in  addition  to  all  of  their  other 
priorities.  The  industry  is  confusing  with  over  80  vendors  offering  SLM  solutions.  Best  practices  such  as 
Six  Sigma  and  IT  Infrastructure  Library  (ITIL)  further  complicate  the  market  landscape  by  providing 
varying  structures  for  SLM  implementation. 

Slm-info.org  was  created  as  an  on-line  learning  forum  for  SLM. The  site  was  developed  to  facilitate  on-line 
dialog  among  IT  professionals,  service  providers,  vendors,  and  industry  leaders  in  SLM;  and  to  promote 
the  evolution  and  development  of  IT-based  service  management.  The  mission  of  this  site  is  to  help  IT 
professionals  plan  and  implement  effective  strategies  for  managing  IT-based  business  services — serving  as 
an  independent  clearinghouse  for  all  types  SLM  information. 


Please  contact  our 
Business  Development 
Representatives  at 
info@slm-info.org 
for  more  information. 


Log  on  to  slm-info.org  for  practical  tips,  links,  SLM  standards,  SLM  solutions,  SLM  news  and  events  and 
join  our  discussion  board. 


Submit  your  SLM  case  study  and  earn  cash!  Details  available  at  slm-info.org. 


slm^I  ofo.org 

a  service  level  management  learning  community 


www.nwfusion.com 
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H  Saies  Offices 


Caro'  Lasker.  Associate  Publisher/Vice  President 
jfgffg  Jane  Waissman,  Sales  Ope-alions  Coordinator 
Internet-  ctesker,  jweissman@nww.coni 
(508)  460-3333/FAX:  (508;  460-1237 

Nsw  York/Hew  Jersey 

Tom  Daws.  Associate  Publisher,  Eastern  Region 
Elisa  Delia  Roeco,  Regional  Sales  Manager 
Agate  Joseph,  Sales  Associate 
Internet:  tdavis,  olisas,  a„»ose  ph@nww.com 
(201)  634-2300/FAX:  (201)  634-9286 

Northeast 

Donna  Pomponi.  Regional  Sales  Manager 
Internet:  dpomponi@nww.com 
(508)  460-3333/FAX:  (508)  460- 1237  _ 


Mid-Atlantic 

Jacqui  DiBianca.  Regional  Sales  Manager 
Marla  Hagan,  Sales  Assistabt 
Internet:  jdibian,  mhagan@nww  com 
(610)  971-1530/FAX:  (610)  975-0837 

Midwest/Central 

Eric  Danetz,  Regional  Sales  Manager 
Agata  Joseph,  Sales  Associate 
Internet:  edanetz,  ajoseph@nww.com 
(201)  634-2314/FAX:  (201)  712-9786 


Northern  California/Northwest 

1  Sandra  Kupiec,  Associate  Publisher,  Western  Region 
Karen  Wilde,  Regional  Sales  Manager 
Miles  Dennison,  Regional  Sales  Manager 
I  Courtney  Coughlin,  Regional  Sales  Manager 
Maricar  Lagura,  Office  Manager/Sales  Assistant 
Teri  Lowe,  Sales  Assistant 

Internet:  skupiec,  kwilde,  mdennison,  ccoughlin,  mlagura, 
tlowe@nww.com 

(510)  768-2800/FAX:  (510)  768-2801 


Southwest/Rockies 

Becky  Bogart  Randell,  Regional  Sales  Manager 
Angela  Norton,  Sales  Assistant 
Internet:  branded,  anorton@nww.com 
(949)  250-3006/FAX:  (949)  833-2857 

Southeast 

Don  Seay.  Regional  Sales  Manager 
Internet:  dseay@nww.com 

(404)  845-2886/FAX:  (404)  250-1646 _ 

Customer  Access  Group 

Tom  Davis,  Assoc.  Publisher  Eastern  Region/General 

Manager,  Customer  Access  Group 

Shaun  Budka,  Director,  Customer  Access  Group 

Kate  Zinn,  Sales  Manager,  Eastern  Region 

Internet:  tdavis,  sbudka,  kzinn@nww.com 

(508)  460-3333/FAX:  (508)  460-1237  _ _ 

Fusion 

Alonna  Doucette,  Vice  President  Online  Development 
James  Kalbach,  Director,  Online  Services 
Scott  Buckler,  West  Coast  Regional  Sales  Manager 
Stephanie  Gutierrez,  Online  Account  Manager 
Debbie  Lovell,  Online  Account  Manager 
Kristin  Douglas,  Online  Operations  Manager 
LisaThompson,  Online  Ad  Traffic  Coordinator 
Internet:  adoucette,  jkalbach,  sbuckler,  sgutierrez,  dlovell, 
kdouglas,  lthompson@nww.com 
(508)  460-3333/FAX:  (508)  861-0467 


MARKETPLACE 

Response  Card  Decks/MarketPlace 

Jayson  Cooper,  Director  of  Marketplace  Advertising 

Enku  Gubaie,  Senior  Account  Manager 

Caitlin  Horgan,  Account  Manager 

Jennifer  Moberg,  West  Coast  Sale  Representative 

Chris  Gibney,  Sales  Operations  Coordinator 

Internet:  jcooper,  egubaie,  chorgan,  jmoberg, 

cgibney@nww.com 

(508)  460-3333/FAX:  (508)  460-1192 

IT  CAREERS 

Vice  President,  Nancy  Percival,  Midwest/West  Regional 
Manager,  Laura  Wilkinson,  Midwest/West  Account  Executive, 
Mark  Dawson,  Eastern  Regional  Manager,  Jay  Saveli,  Eastern 
Account  Executive,  Andrew  Haney.  Sales/Marketing 
Associate,  Joanna  Schumann 
(800)  762-2977/FAX:  (508)  875-6310 


■  Network  World,  Inc. 

118Turnpike  Road,  Southborough,  MA  01772 
Phone:  (508)  460-3333 

TO  SEND  E-MAIL  TO  NWW  STAFF 

firstname_lastname@nww.com 
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John  Gallant,  President/Editorial  Director 

Eleni  Brisbois,  Administrative  Planning  Manager 

FINANCE 

Mary  Fanning,  Vice  President  Finance 

Paul  Mercer,  Finance  Manager 

Betty  Amaro-White,  Event  Finance  Manager 

HUMAN  RESOURCES 

Elizabeth  Price,  Director  of  Human  Resources 
Eric  Cormier,  Human  Resources  Representative 

MARKETING 

TerryAnn  Croci,  Senior  Director  of  Marketing 
Barbara  Sullivan,  Senior  Research  Analyst 
Judy  Schultz,  Marketing  Design  Manager 
Cindy  Panzera,  Marketing  Designer 

GLOBAL  PRODUCT  SUPPORT  CENTER 

Nancy  Sarlan-Parquette,  Sr.  Product  Marketing  Manager 

PRODUCTION  SERVICES 

Greg  Morgan,  Senior  Director,  Production  Services 
Karen  Wallace,  Senior  Director,  Advertising  Operations 
Mike  Guerin,  Senior  Production  Specialist 
Jami  Thompson,  Production  Coordinator 
VeronicaTrotto,  Advertising  Coordinator 
Maro  Eremyan,  Advertising  Coordinator 
CIRCULATION 

Richard  Priante,  Senior  Director  of  Circulation 
Bobbie  Cruse,  Subscriptions  Manager 
Mary  Mclntire,  Circulation  Marketing  Manager 

RESEARCH 

Ann  MacKay,  Research  Director 

DISTRIBUTION 

Bob  Wescott,  Distribution  Manager/(508)  879-0700 
IDG  LIST  RENTAL  SERVICES 

Paul  Capone,  Account  Executive 

P.O.  Box  9151,  Framingham,  MA  01701-9151 

(800)  343-6474/(508)  370-0825,  FAX:(508)  370-0020 

SEMINARS.  EVENTS  AND  IDG  EXECUTIVE  FORUMS 

Robin  Azar,  Vice  President  of  Events 

Michele  Zarella,  Director  of  Operations 

Dale  Fisher,  Event  Planner 

Tim  DeMeo,  Senior  Operations  Specialist 

Kristen  Kennedy,  Event  Coordinator 

Sandra  Gittlen,  Events  Editor 

Neal  Silverman,  Senior  Director  of  Event  Sales 

Andrea  D'Amato,  Sales  Director/Strategic  Partnerships 

Kristin  Ballou-Cianci,  Senior  Event  Sales  Manager 

Sandy  Weill,  Sr.  Event  Sales  Manager 

Maureen  Riley,  Event  Sales  Manager 

Judy  Tyler,  Sales  Operations  Specialist 

Mark  Hollister,  Senior  Director  of  Event  Marketing 

Debra  Becker,  Dir,,  Marketing  A  Audience  Development 

Sara  Evangelous,  Marketing  Manager 

Timothy  Johnson,  Marketing  Specialist 

ONLINE  SERVICES 
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Old  Windows  versions  still  hanging  around 


■  BY  JORIS  EVERS 


Many  North  American  businesses  still 
have  computers  running  on  Windows  98 
—  if  not  older  versions  —  even  though 
support  for  the  operating  system  is  set  to 
end  Jan.  16,  2004,  according  to  a  new 
study. 

AssetMetrix,  an  IT  asset-analysis  tool 
vendor  in  Ottawa,  collected  data  on  more 
than  370,000  PCs  from  670  businesses  in 
the  U.S.and  Canada. The  study  found  that 
80%  of  those  companies  have  at  least  one 
PC  running  either  Windows  95  or  98. 
These  older  versions  of  the  software 
accounted  for  about  27%  of  operating  sys¬ 
tems  found. 

In  ending  support  next  month  for  Win 
98  and  Win  98  Second  Edition,  Microsoft 
on  its  Web  site  says  the  products  will  be¬ 
come  “obsolete.”  Online  self-help  support 
will  be  available  until  at  least  June  30, 
2006,  but  Microsoft  will  not  provide  secu¬ 
rity  fixes  or  other  product  updates,  the 
company  says.  Support  for  Win  95  ended 
on  Dec.  31, 2001,  according  to  the  Micro¬ 
soft  product  life-cycle  Web  site. 

As  a  result  of  the  Win  98  retirement, 
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businesses  that  still  have  the  operating 
system  in  use  face  “an  ever-increasing  risk 
of  a  security  breach  for  their  entire  net¬ 
work,”  the  study  says.  AssetMetrix  advises 


businesses  to  retire  all  Win  98  systems  that 
are  connected  directly  to  the  Internet. 

Also  on  tap  for  retirement  next  year 
are  Office  97  and  Windows  ME,  NT 


and  NT  Workstation. 

Evers  is  a  correspondent  with  IDG  News 
Sew  ice’s  San  Francisco  bureau. 
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The  networking  landscape  is  changing  on  every  level. 

As  the  first  event  of  the  year  to  examine  the  most 
critical  issues  facing  the  networking  industry,  COMNET 
2004  will  demonstrate  how  wireless,  security,  VoIP, 
WAN  and  he  data  center  are  redefining  how  business 
is  dong. 

COMNET  2004  will  enable  you  to  make  informed 
technology  evaluations  and  purchasing  decisions  for 
the  year  ahead.  Come  to  COMNET  2004  and  become 
a  technology  champion! 

You  cannot  afford  to  miss  COMNET  2004  if  you 
need  to: 

•  Secure  your  most  important  and  valuable  resources 

•  Connect  and  manage  remote  office  resources 

•  Gain  new  efficiencies  from  your  data  center 

•  Evaluate  service  offerings  from  leading  networking 
providers 

•  Understand  the  advantage  of  being  first 
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Mark  Gibbs 


What  to  do  about  scumware? 


The  Scumware  Song  (to  the  tune  of 
"The  Christmas  Song")* 

Software  downloading  on  my  desktop 
Picked  it  up  free  online  somewhere 
Looks  like  good  stuff  but  what  if  it's  not 
Could  I  just  have  got  some  new  scumware? 

PC’s  slower  than  a  dead  reindeer 

Got  me  ripping  out  my  hair 

Things  aren 't  quite  right  on  my  PC  tonight 

Could  /  just  have  got  some  more  scumware? 

I  know  that  ads  are  on  the  way 

There's  lots  of  pop-ups  to  display 

And  my  home  page  has  been  hijacked  clean  away. 

And  so  I’m  offering  this  warning 
To  newbies  from  one  to  ninety-two 
Altho’it's  been  said  many  times,  many  ways, 

The  scumware  swine  want  to  get  you  too. 

(*  with  apologies  to  Mel  Torme,  who  wrote  the 
lyrics  for  “The  Christmas  Song”) 

I  closed  last  week’s  missive  with  the  question, 
What  are  we  going  to  do  about  scumware?  Well, 
the  answer  rather  depends  on  what  you  think  can 


be  done.  Like  spam,  scumware  is  tricky  stuff. 

For  example,  just  as  you  have  the  problem  defin¬ 
ing  what  spam  is,  how  do  you  define  what  scum¬ 
ware  is? 

Rep.  Mary  Bono  (R.-Calif.)  tried  to  do  this  with 
H.R.  2929,  the  Safeguard  Against  Privacy  Invasions 
Act. This  bill  was  introduced  July  25  and  was 
referred  to  the  Committee  on  Energy  and  Com¬ 
merce,  where  it  has  gone  into  hibernation. The  bill’s 
attempt  at  defining  spyware,  which  is  one  type  of 
scumware,  is  brave  but  a  little  vague  (see  www. 
nwfusion.com,  DocFinder:  8950): 

“The  term  ‘spyware  program’  means  any  computer 
program  or  software  that  can  be  used  to  transmit 
from  a  computer,  or  that  has  the  capability  of  so 
transmitting,  by  means  of  the  Internet  and  without 
any  action  on  the  part  of  the  user  of  the  computer 
to  initiate  such  transmission,  information  regarding 
the  user  of  the  computer,  regarding  the  use  of  the 
computer  or  that  is  stored  on  the  computer.  In  issu¬ 
ing  regulations  to  carry  out  this  paragraph,  the  com¬ 
mission  shall  distinguish  spyware  programs  from 
other  commonly  used  computer  programs  used  to 
share  information  among  computers  in  an  orga¬ 
nized  network  of  computers.” 

This  definition  could  be  applied  to  software  regis¬ 
tration  compliance  systems  such  as,  oh, say,  Win¬ 
dows  licensing  “activation”  mechanism. 


And  again,  this  bill  can  do  nothing  about  scum¬ 
ware  created  and  downloaded  from  overseas. 

I’m  afraid  that  in  the  online  world,  U.S.  legislation 
for  scumware  and  spam  can  only  curb  the  poten¬ 
tial  excesses  of  U.S.  companies.  And  should  this  bill 
ever  see  the  light  of  day  —  which  1  believe  to  be 
very  unlikely  —  it  undoubtedly  will  be  as  pathetic 
and  watered  down  as  the  ill-conceived  and  essen¬ 
tially  pointless  CAN-SPAM  Act  of  2003. 

There  are  only  three  things  you  can  do  to  fight 
scumware.  First,  use  technology  —  there  are  scores 
of  products  that  identify  scumware  and  disinfect 
your  systems  effectively  Second,  educate  your 
users.Getting  users  to  behave  in  “safe”  ways  online 
will  reduce  the  problem  by  orders  of  magnitude. 

Third,  make  sure  U.S.scumware  vendors  know  how 
you  feel.  When  you  find  their  junk  on  your  systems, 
write  the  creators.  If  we  all  send  a  message  for  each 
and  every  installation  of  scumware  we  find  they 
might  start  to  understand.  And  make  it  clear  that 
your  organization  will  never  have  any  business  deal¬ 
ings  with  them.  Ever. 

You’ve  got  a  week  or  so  to  make  this  a  holiday 
they  won’t  forget  in  a  hurry. 

Have  a  fabulous  Christmas!  Er,  Hanukkah? 
Kwanzaa?  Oh,  darn,  just  have  a  great  holiday  from 
backspin  @gibbs.  com. 
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News,  insights,  opinions  and  oddities 


By  Paul  McNamara 

An  experiment  in  opting  out 

As  these  words  are  typed,  the  first 
federal  legislation  governing  junk 

e-mail  stands  but  a  promised  presidential  signature  away  from  becoming  law. 

The  bill  —  dubbed  CAN-SPAM  —  is  a  piece  of  junk  that  almost  certainly  will 
increase  the  overall  amount  of  spam  that  we  receive,  which  one  presumes  is 
not  the  outcome  beleaguered  e-mail  users  have  been  pining  for  from  the  politi¬ 
cal  process. 

And  as  you  probably  know,  the  law  for  the  first  time  establishes  an  opt-out 
option  as  the  spammer's  get-out-of -jail-free  card.  Want  to  send  spam?  Just 
provide  a  working  opt-out  option  and  you  legally  may  send  all  you  want  to  any¬ 
one  and  everyone  until  they  put  aside  their  lives  for  the  moment  needed  to  tell 
you  to  cut  it  the  heck  out. 

Don’t  know  about  you,  but  the  mere  thought  of  adding  this  task  to  my  never- 
ending  to-do  list  depresses  me  —  in  large  part  because  I  have  little  faith  that 
opting  out  is  going  to  do  me  or  anyone  else  much  good. 

Not  that  I've  tried  on  more  than  a  handful  of  occasions. 

Chaz  Ervin  has  tried  much  harder,  however,  and  he  recently  wrote  to  share 
his  experiences  of  doing  so.  In  his  tale  we  can  find  both  cause  for  encourage¬ 
ment  and  concern. 

"My  wife  had  been  getting  roughly  40  to  60  spam  e-mails  a  day,"  Ervin  writes. 

I  decided,  as  an  experiment,  to  try  opting  out  of  them.  After  about  two  weeks 
of  clicking  on  unsubscribe  links  (20%  of  which  never  work),  I  got  her  down  to 
three  to  five  spam  messages  a  day,  and  this  has  been  consistent  for  about  two 
months.  Of  course,  the  spam  she  gets  now  doesn't  come  with  opt-out  options, 
except  for  ones  to  fictional  addresses." 

"So  opting  out  of  spam  can  work,  but  the  question  is,  is  it  worth  the  time?” 

My  answer  has  always  been  that  life’s  too  short.  However,  now  that  opt-out  is 


about  to  become  the  law  of  the  land  —  and  spam  filters  remain  imperfect  — 
willful  indifference  to  the  option  becomes  tacit  approval  for  spammers  to  keep 
on  spamming. 

So  how  much  time  was  involved  in  Ervin's  experiment? 

“I  did  this  daily,  mainly  on  weekdays,  spending  maybe  10  minutes  a  day.  It  took 
a  few  days  before  the  amount  of  spam  started  to  go  down,  which  I  expected  as 
most  of  the  opt-out  pages  tell  you  it  will  take  a  week  or  two  to  be  removed 
from  their  database." 

I'm  still  depressed. 

Quick  answer ...  but  half-baked 

Generally  speaking,  brand-name  companies  are  not  very  good  at  answering 
consumer  e-mail.  . . .  Some  do  better  than  others,  of  course. 

We  recently  needed  a  sticky  issue  settled  here  in  the  news  department,  lest 
the  debate  keep  us  from  bringing  you  this  valuable  publication. The  question:  If 
extracted  and  baked,  would  the  cookie  dough  in  Ben  &  Jerry’s  Chocolate  Chip 
Cookie  Dough  ice  cream  yield  an  honest-to-goodness  cookie? 

After  much  back  and  forth  and  Googling,  a  colleague  decided  to  try 
consumer_affairs@benjerry.com. Three  hours  later  we  had  this  answer: 

“We've  heard  from  various  consumers  over  the  years  who  have  done  just 
that,”  the  company  reports.  "The  cookies  will  be  very  small,  unless  you  put 
more  than  one  dough  ball  together.  We  can’t  guarantee  what  they  will  taste  like 
or  how  long  or  what  temperature  you  need  to  bake  them  at." 

In  other  words,  you  can  put  anything  you  want  into  an  oven  —  as  long  as  it’s 
smaller  than  the  door —  but  that  doesn’t  mean  you’ll  get  an  edible  cookie  for 
your  trouble.  We’re  just  going  to  have  to  try  it. 

But  the  response  time  sure  was  impressive. 

Can 't  guarantee  three  hours,  but  /  generally  do  my  best  to  answer.  The  address  is 
buzz@nww.com. 


UNSCRAMBLE  THE  PUZZLE  ABOUT  UNIX  MIGRATION. 


Choose  Dell  coupled  with  Microsoft®  Windows®  Server  2003  and  you've  found  the  trick  to  UNIX  migration.  It's  called  flexibili¬ 
ty.  And  it's  a  combination  that  gives  you  incomparable  value  through  reduced  IT  costs.  Plus,  you'll  have  the  agility'  to  respond  to  new 
trends.  Without  question,  the  teaming  of  Dell  and  Microsoft  is  a  boon  to  productivity  and  a  bear  on  your  TCO.  How's  that  for  a  better 
way?  Find  out  more.  Call  1-866-871-9881  or  visit  www.DELL.com/MSmigration  and  get  a  free  business  case  analysis  on  migrating 
to  a  Dell/MS  Server  2003  solution. 


visit  www.DELL.com/MSmigration  or  call  1-866-871-9881 

for  your  free  UNIX  migration  business  case  analysis 
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IF  WE  CAN’T 

AFFORD  THE 

SOLUTION. 
THEN  IT’S  NOT 

A  SOLUTION. 


If  you  are  a  growing  enterprise,  your  need  for  new  software  always  exceeds  your  budget.  Or  does  it?  SAP  has  a  range  of  solutions 
to  (it  any  size  business  and  any  budget.  Solutions  that  can  be  up  and  running  quickly  —  even  in  a  matter  of  weeks.  And  since  they’re 
modular  and  based  on  an  open  platform,  they  can  grow  and  expand  as  you  do.  SAP  has  over  30  years  of  experience  helping  businesses 
of  all  sizes  solve  business  issues.  Affordably. 


THE  BEST-RUN  BUSINESSES  RUN  SAP 


FOR  AN  OPPORTUNITY  TO  WIN  AN  ALL-EXPENSE-PAIO  TRIP  TO  A  BUSINESS  MANAGEMENT 
SEMINAR,  LOG  ON  TO  SAP.COM/USA/AFFORDABLE  OR  CALL  888  592  1727 
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